vulnerability

Oracle Linux: CVE-2019-25058: ELSA-2023-0303: usbguard security update (MODERATE) (Multiple Advisories)

Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
Feb 24, 2022
Added
Jan 13, 2023
Modified
Dec 5, 2024

Description

An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future.
A flaw was found in usbguard. The vulnerability occurs due to the No default access control list(ACL) on some D-Bus methods and leads to unauthorized access. This flaw allows an attacker to access and escape policy configuration.

Solution(s)

oracle-linux-upgrade-usbguardoracle-linux-upgrade-usbguard-dbusoracle-linux-upgrade-usbguard-notifieroracle-linux-upgrade-usbguard-selinuxoracle-linux-upgrade-usbguard-tools
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.