A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service
CVSS Vector v3.1
Weakness Type (CWE)
Vulnerable Products 2
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Redhat Satellite
cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
|
— | — |
|
Logicminds Rubyipmi
cpe:2.3:a:logicminds:rubyipmi:*:*:*:*:*:*:*:*
|
— |
<= 0.12.1
|
References 5
https://access.redhat.com/security/cve/CVE-2026-0980
secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2429874
secalert@redhat.com
https://access.redhat.com/errata/RHSA-2026:5968
secalert@redhat.com
https://access.redhat.com/errata/RHSA-2026:5970
secalert@redhat.com
https://access.redhat.com/errata/RHSA-2026:5971
secalert@redhat.com