CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
47.1%
The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support
the password option in grub.conf for para-virtualized guests, which allows
attackers with access to the para-virtualized guest console to boot the
guest or modify the guest’s kernel boot parameters without providing the
expected password.