systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
Threat-Mapped Scoring
Score: 1.8
Priority: P4 - Informational (Low)
S9 – Sabotage of System/App
EPSS
Score: 0.00093Percentile:
0.27145
CVSS Scoring
CVSS v3.1 Score: 6.7
Severity: MEDIUM
Mapped CWE(s)
CWE-269
: Improper Privilege Management
All CAPEC(s)
CAPEC-122 : Privilege Abuse
CAPEC-233 : Privilege Escalation
CAPEC-58 : Restful Privilege Elevation
CAPEC(s) with Mapped TTPs
CAPEC-122 : Privilege Abuse
Mapped TTPs:
T1548
: Abuse Elevation Control Mechanism
CAPEC-233 : Privilege Escalation
Mapped TTPs:
T1548
: Abuse Elevation Control Mechanism
Mapped ATT&CK TTPs
T1548
: Abuse Elevation Control Mechanism
Kill Chain: privilege-escalation
T1548
: Abuse Elevation Control Mechanism
Kill Chain: privilege-escalation
Malware
APTs Threat Group Associations
Campaigns
Affected Products
cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me