Lucene search

[email protected]NVD:CVE-2012-0861

HistoryJan 04, 2013 - 10:55 p.m.

CVE-2012-0861

2013-01-0422:55:01

CWE-310

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:H/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.4%

JSON

The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack.

Affected configurations

NVD

Node

redhatenterprise_virtualization_managerRange≤3.0

redhatenterprise_virtualization_managerMatch2.1

redhatenterprise_virtualization_managerMatch2.2

redhatenterprise_virtualization_managerMatch2.2.3

References

rhn.redhat.com/errata/RHSA-2012-1505.html

rhn.redhat.com/errata/RHSA-2012-1506.html

rhn.redhat.com/errata/RHSA-2012-1508.html

www.securityfocus.com/bid/56825

www.securitytracker.com/id?1027838

exchange.xforce.ibmcloud.com/vulnerabilities/80544

6.8 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:H/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.4%

JSON

Related for NVD:CVE-2012-0861

cvelist1 cve1 prion1 redhat3 nessus3