Authentication Bypass in Red Hat Virtualization Hypervisor
CVE-2015-5201

7.5HIGH

Key Information:

Vendor
Red Hat
Status
Enterprise Virtualization Hypervisor (aka Rhev-h)
Vendor
CVE Published:
25 February 2020

Summary

A vulnerability exists in the VDSM and libvirt components of Red Hat Enterprise Virtualization Hypervisor, enabling remote attackers to bypass authentication when specific configurations, such as disabling ticketing, are employed during suspended VM restoration. This flaw can lead to unauthorized access, exposing sensitive systems to potential exploitation.

Affected Version(s)

Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0

References

https://bugzilla.redhat.com/show_bug.cgi?id=1253882
x_refsource_MISC
https://rhn.redhat.com/errata/RHEA-2015-2527.html
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1273144
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.