6.2 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:H/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
84.9%
Neil Wilson discovered that if VNC passwords were blank in QEMU
configurations, access to VNC sessions was allowed without a password
instead of being disabled. A remote attacker could connect to running
VNC sessions of QEMU and directly control the system. By default, QEMU
does not start VNC sessions.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 9.10 | noarch | qemu-kvm | < 0.11.0-0ubuntu6.4 | UNKNOWN |
Ubuntu | 9.10 | noarch | kvm | < 1:84+dfsg-0ubuntu16+0.11.0+0ubuntu6.4 | UNKNOWN |
Ubuntu | 9.10 | noarch | qemu | < 0.11.0-0ubuntu6.4 | UNKNOWN |
Ubuntu | 9.10 | noarch | qemu-arm-static | < 0.11.0-0ubuntu6.4 | UNKNOWN |
Ubuntu | 9.10 | noarch | qemu-kvm-extras | < 0.11.0-0ubuntu6.4 | UNKNOWN |
Ubuntu | 9.10 | noarch | kvm | < 0.11.0-0ubuntu6.4 | UNKNOWN |
Ubuntu | 10.10 | noarch | qemu-kvm | < 0.12.5+noroms-0ubuntu7.2 | UNKNOWN |
Ubuntu | 10.10 | noarch | kvm | < 1:84+dfsg-0ubuntu16+0.12.5+noroms+0ubuntu7.2 | UNKNOWN |
Ubuntu | 10.10 | noarch | qemu | < 0.12.5+noroms-0ubuntu7.2 | UNKNOWN |
Ubuntu | 10.10 | noarch | qemu-arm-static | < 0.12.5+noroms-0ubuntu7.2 | UNKNOWN |