CVE-2023-32183

7.8 HIGH

📋 TL;DR

This vulnerability allows users with hacluster group access on openSUSE Tumbleweed systems to escalate privileges to root due to incorrect default permissions in the hawk2 package. It affects openSUSE Tumbleweed installations with the hawk2 package installed. Attackers need existing access to the hacluster account or group to exploit this.

💻 Affected Systems

Products:
  • openSUSE Tumbleweed hawk2 package
Versions: All versions before the fix
Operating Systems: openSUSE Tumbleweed
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with hawk2 package installed and users with hacluster group membership.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full root compromise of affected systems, allowing complete system control, data theft, and lateral movement within the environment.

🟠 Likely Case

Privilege escalation from hacluster user to root, enabling installation of persistent backdoors, credential harvesting, and further system compromise.

🟢 If Mitigated

Limited impact if proper access controls restrict hacluster group membership and monitoring detects privilege escalation attempts.

🌐 Internet-Facing: LOW - Exploitation requires existing local access to the hacluster account; the flaw is not directly reachable from the internet.
🏢 Internal Only: HIGH - Internal attackers or compromised accounts with hacluster access can achieve root privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires existing access to hacluster account/group. The vulnerability is in default permissions, making exploitation straightforward for authenticated attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Updated hawk2 package via openSUSE Tumbleweed updates

Vendor Advisory: https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32183

Restart Required: No

Instructions:

1. Run 'sudo zypper update hawk2'
2. Verify the update completed successfully
3. No restart required

🔧 Temporary Workarounds

Restrict hacluster group membership

Remove unnecessary users from hacluster group to reduce attack surface

sudo gpasswd -d username hacluster

Monitor hacluster privilege escalation

Implement auditing for privilege escalation attempts from hacluster users

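Add audit rule (run as root; the comparison fields are quoted so the shell does not treat > as a redirect): sudo auditctl -a always,exit -F arch=b64 -S execve -F euid=0 -F 'auid>=1000' -F 'auid!=-1' -k hacluster_priv_esc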

🧯 If You Can't Patch

  • Strictly limit hacluster group membership to essential users only
  • Implement monitoring and alerting for privilege escalation attempts from hacluster accounts

🔍 How to Verify

Check if Vulnerable:

Check if hawk2 package is installed and version is vulnerable: rpm -q hawk2

Check Version:

rpm -q hawk2

Verify Fix Applied:

Verify updated package version: rpm -q hawk2 | grep -E 'version_with_fix' (check vendor advisory for exact version)

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation from hacluster users
  • Failed sudo/root access attempts from hacluster accounts
  • Audit logs showing hacluster users gaining root

Network Indicators:

  • None - local privilege escalation only

SIEM Query:

source="audit.log" AND (user.hacluster=* AND privilege.escalation=success)
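
The audit rule above records every execve with an effective uid of 0 from login sessions, not only those of hacluster, so the log indicators need a filter on top of it. The following is an added example (not part of the vendor advisory or the original page) that applies such a filter to constructed audit.log lines; the uid/gid value 90, the sample records and the function names are assumptions.

```python
import re

# Assumed numeric ids for the hacluster account and group (constructed sample
# values); read the real ones on the host with `id hacluster`.
HACLUSTER_UID = 90
HACLUSTER_GID = 90
RULE_KEY = "hacluster_priv_esc"  # key set by the audit rule on this page

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
SERIAL_RE = re.compile(r"msg=audit\(\d+\.\d+:(\d+)\)")

# Constructed, abbreviated SYSCALL records in the Linux audit log layout.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=59 success=yes exit=0 auid=1000 uid=1000 gid=100 euid=0 egid=100 comm="sudo" exe="/usr/bin/sudo" key="hacluster_priv_esc"
type=SYSCALL msg=audit(1700000040.220:502): arch=c000003e syscall=59 success=yes exit=0 auid=1000 uid=90 gid=90 euid=0 egid=90 comm="bash" exe="/usr/bin/bash" key="hacluster_priv_esc"
type=SYSCALL msg=audit(1700000051.007:503): arch=c000003e syscall=59 success=no exit=-13 auid=1000 uid=90 gid=90 euid=0 egid=90 comm="bash" exe="/usr/bin/bash" key="hacluster_priv_esc"
type=SYSCALL msg=audit(1700000063.450:504): arch=c000003e syscall=59 success=yes exit=0 auid=1001 uid=1001 gid=90 euid=0 egid=90 comm="id" exe="/usr/bin/id" key="hacluster_priv_esc"
type=SYSCALL msg=audit(1700000070.900:505): arch=c000003e syscall=59 success=yes exit=0 auid=1000 uid=90 gid=90 euid=0 egid=90 comm="ls" exe="/usr/bin/ls" key="other_rule"
"""


def parse_record(line):
    """Split one audit record into a dict of its key=value fields."""
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    serial = SERIAL_RE.search(line)
    fields["serial"] = serial.group(1) if serial else None
    return fields


def find_hacluster_root_execs(log_text, uid=HACLUSTER_UID, gid=HACLUSTER_GID):
    """Return (serial, uid, exe) for successful root-euid execs by hacluster."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("type") != "SYSCALL" or rec.get("key") != RULE_KEY:
            continue
        if rec.get("success") != "yes" or rec.get("euid") != "0":
            continue
        # Real uid or primary gid is hacluster while the effective uid is root.
        # Supplementary group membership is not part of a SYSCALL record.
        if rec.get("uid") == str(uid) or rec.get("gid") == str(gid):
            hits.append((rec["serial"], rec.get("uid"), rec.get("exe")))
    return hits


if __name__ == "__main__":
    for hit in find_hacluster_root_execs(SAMPLE_LOG):
        print(hit)
```

Because the rule requires auid>=1000, a session that logs in directly as an account with a lower uid produces no records for this filter to see.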
