{"api_version":"1","generated_at":"2026-04-22T21:38:53+00:00","cve":"CVE-2020-13776","urls":{"html":"https://cve.report/CVE-2020-13776","api":"https://cve.report/api/cve/CVE-2020-13776.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-13776","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-13776"},"summary":{"title":"CVE-2020-13776","description":"systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2020-06-03 03:15:00","updated_at":"2023-11-07 03:16:00"},"problem_types":["CWE-269"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63/","name":"FEDORA-2020-2faf839786","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 32 Update: systemd-245.7-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/systemd/systemd/issues/15985","name":"https://github.com/systemd/systemd/issues/15985","refsource":"MISC","tags":["Third Party Advisory"],"title":"User names beginning with 0x being interpreted as user identifiers · Issue #15985 · systemd/systemd · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20200611-0003/","name":"https://security.netapp.com/advisory/ntap-20200611-0003/","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"CVE-2020-13776 Systemd Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63/","name":"FEDORA-2020-2faf839786","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: systemd-245.7-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-13776","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13776","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"13776","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"13776","vulnerable":"1","versionEndIncluding":"245","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"freedesktop","cpe5":"systemd","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"13776","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"active_iq_unified_manager","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vmware_vsphere","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"13776","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"active_iq_unified_manager","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vmware_vsphere","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"13776","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"solidfire_\\&_hci_management_node","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"13776","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"solidfire_\\&_hci_management_node","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"13776","vulnerable":"1","versionEndIncluding":"245","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"systemd_project","cpe5":"systemd","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-13776","qid":"159197","title":"Oracle Enterprise Linux Security Update for systemd (ELSA-2021-1611)"},{"cve":"CVE-2020-13776","qid":"239327","title":"Red Hat Update for systemd (RHSA-2021:1611)"},{"cve":"CVE-2020-13776","qid":"239693","title":"Red Hat Update for systemd (RHSA-2021:3900)"},{"cve":"CVE-2020-13776","qid":"354074","title":"Amazon Linux Security Advisory for systemd : ALAS2-2022-1854"},{"cve":"CVE-2020-13776","qid":"591406","title":"Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)"},{"cve":"CVE-2020-13776","qid":"900080","title":"CBL-Mariner Linux Security Update for systemd 239"},{"cve":"CVE-2020-13776","qid":"903506","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for systemd (1793)"},{"cve":"CVE-2020-13776","qid":"940184","title":"AlmaLinux Security Update for systemd (ALSA-2021:1611)"},{"cve":"CVE-2020-13776","qid":"960704","title":"Rocky Linux Security Update for systemd (RLSA-2021:1611)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2020-13776","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://github.com/systemd/systemd/issues/15985","refsource":"MISC","name":"https://github.com/systemd/systemd/issues/15985"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20200611-0003/","url":"https://security.netapp.com/advisory/ntap-20200611-0003/"},{"refsource":"FEDORA","name":"FEDORA-2020-2faf839786","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63/"}]}},"nvd":{"publishedDate":"2020-06-03 03:15:00","lastModifiedDate":"2023-11-07 03:16:00","problem_types":["CWE-269"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:H/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":6.2},"severity":"MEDIUM","exploitabilityScore":1.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*","versionEndIncluding":"245","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"13776","Ordinal":"174965","Title":"CVE-2020-13776","CVE":"CVE-2020-13776","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"13776","Ordinal":"1","NoteData":"systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"13776","Ordinal":"2","NoteData":"2020-06-02","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"13776","Ordinal":"3","NoteData":"2020-07-30","Type":"Other","Title":"Modified"}]}}}