CVE-2017-15114
HIGH
8,1
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH
9,3
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: none
Confidentiality: complete
Integrity: complete
Availability: complete
Description
AI Translation Available
When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is equivalent to root access). If a vulnerability exists in another service it could, combined with this flaw, be exploited to escalate privileges to gain control over compute nodes.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0070
Percentile
0,7th
Updated
EPSS Score Trend (Last 91 Days)
295
Improper Certificate Validation
DraftCommon Consequences
Security Scopes Affected:
Integrity
Authentication
Potential Impacts:
Bypass Protection Mechanism
Gain Privileges Or Assume Identity
Applicable Platforms
Technologies:
Mobile, Not Technology-Specific, Web Based
Application
Openstack Platform by Redhat
CPE Identifier
View Detailed Analysis
cpe:2.3:a:redhat:openstack_platform:12.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=9949…
http://www.securityfocus.com/bid/101971
https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=9949…
http://www.securityfocus.com/bid/101971