Impact
The vulnerability is a missing authorization flaw that allows an attacker to perform privileged functions within Pardus Update, potentially leading to higher privilege levels on the affected system. This lack of proper access control enables an attacker to elevate privileges, thereby compromising confidentiality, integrity, or availability if privileged actions are applied to critical system components. The weakness falls under CWE-862, indicating that the software does not correctly enforce authorization checks.
Affected Systems
The issue impacts the TUBITAK BILGEM Software Technologies Research Institute Pardus Update product. Versions affected include those up to and including 0.6.3, as well as any releases prior to 0.6.6. The exact boundary of affected releases is not fully specified, but all versions at or before 0.6.5 are likely vulnerable.
Risk and Exploitability
The CVSS base score of 7.8 demonstrates a high degree of risk. With no EPSS score, the current exploitation probability is unknown, and the vulnerability is not listed in CISA's KEV catalog. Based on the description, the vulnerability requires access that can trigger update operations; the attack vector is inferred to be either local or remote depending on how the update service is exposed. If the update process is accessible to unauthenticated or low-privilege users, the attacker can simply invoke privileged functions to raise their permissions. Because the flaw is an authorization bypass, a successful exploitation grants the attacker the same rights as the update process, potentially leading to system compromise.
OpenCVE Enrichment