CVE-2020-13776
MEDIUMsystemd < 245 - Improper Privilege Management via Numerical Username Handling
Title source: llmDescription
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
References (3)
Core 3
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/systemd/systemd/issues/15985
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200611-0003/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63/
Scores
CVSS v3
6.7
EPSS
0.0014
EPSS Percentile
33.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-269
Status
published
Products (4)
fedoraproject/fedora
32
netapp/active_iq_unified_manager
netapp/solidfire_\&_hci_management_node
systemd_project/systemd
< 245
Published
Jun 03, 2020
Tracked Since
Feb 18, 2026