CVE-2024-10963

7.4 HIGH

Published: November 07, 2024 Modified: March 24, 2026

Description

A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:10232

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:10244

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:10379

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:10518

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:10528

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:10852

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2024-10963

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2324291

Source: secalert@redhat.com

https://github.com/linux-pam/linux-pam/issues/834

Source: secalert@redhat.com

https://github.com/linux-pam/linux-pam/pull/835

Source: secalert@redhat.com

10 reference(s) from NVD

Quick Stats

CVSS v3 Score

7.4 / 10.0

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-287

Related CVEs

CVE-2026-4779 6.3

CVE-2026-4778 6.3

CVE-2026-4777 6.3

CVE-2026-4433 N/A

CVE-2026-4371 N/A