Description
A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root).
References (1)
Core 1
Core References
Various Sources x_refsource_confirm
http://lists.suse.com/pipermail/sle-security-updates/2016-June/002096.html
Scores
CVSS v3
7.8
EPSS
0.0011
EPSS Percentile
29.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (4)
n/a/supportconfig
supportconfig
suse/linux_enterprise_desktop
12 (2 CPE variants)
suse/linux_enterprise_server
12 sp1
suse/suse_linux_enterprise_server
12
Published
Mar 23, 2017
Tracked Since
Feb 18, 2026