CVE-2016-1602
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root).
Known Affected Software
3 configuration(s) from 1 vendor(s)
suse_linux_enterprise_server
Version:
12
CPE:
cpe:2.3:o:suse:suse_linux_enterprise_server:12:sp2:*:*:*:*:raspberry_pi:*
linux_enterprise_server
Version:
12
CPE:
cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:-:*:*:*
linux_enterprise_desktop
Version:
12
CPE:
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp4:*:*:*:*:*:*
This vulnerability affects 3 software configuration(s). Ensure you patch all affected systems.
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-94
Top 25 #7
Improper Control of Generation of Code ('Code Injection')
- Description
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
- Exploit Likelihood
- Medium
- Typical Severity
- High
- OWASP Top 10
- A03:2021-Injection
- Abstraction Level
- Base
Key Information
- Published Date
- March 23, 2017
