CVE-2012-0861

CWE-310CWE-295 โ€” Improper Certificate Validation5 documents5 sources
Severity
6.8MEDIUM
EPSS
0.5%
top 32.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Enterprise Virtualization Manager
Timeline
PublishedJan 4
Latest updateMay 17

Description

The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack.

CVSS vector

AV:A/AC:H/C:C/I:C/A:CExploitability: 3.2 | Impact: 10.0

Affected Packages1 packages

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-9gfq-v95v-9hrx: The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3โ†—2022-05-17
โ–ถ
CVEList
CVE-2012-0861: The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3โ†—2013-01-04
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Red Hat
rhev: vds_installer is prone to MITM when downloading 2nd stage installerโ†—2012-12-04
โ–ถ

๐Ÿ’ฌCommunity

1
Bugzilla
CVE-2012-0861 rhev: vds_installer is prone to MITM when downloading 2nd stage installerโ†—2012-02-15
โ–ถ
CVE-2012-0861 (MEDIUM CVSS 6.8) | The vds_installer in Red Hat Enterp | cvebase.io