CVE-2011-1773 — Booth Virt-v2v vulnerability

CWE-2554 documents4 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 83.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Matthew Booth Virt-v2v Redhat Enterprise Linux

Timeline

PublishedFeb 8

Latest updateMay 14

Description

virt-v2v before 0.8.4 does not preserve the VNC console password when converting a guest, which allows local users to bypass the intended VNC authentication by connecting without a password.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages1 packages

▶NVDmatthew_booth/virt-v2v0.8.3+21

Also affects: Enterprise Linux 6.0

Patches

Patch: git.fedorahosted.org ↗Patch: git.fedorahosted.org ↗

🔴Vulnerability Details

GHSA

GHSA-pv82-4539-jh36: virt-v2v before 0↗2022-05-14

▶

📋Vendor Advisories

Red Hat

virt-v2v: vnc password protection is missing after vm conversion↗2010-01-23

▶

💬Community

Bugzilla

CVE-2011-1773 virt-v2v: vnc password protection is missing after vm conversion↗2011-05-06

▶