CVE-2013-2152 — Unquoted Search Path or Element in Redhat Enterprise Virtualization

CWE-428 — Unquoted Search Path or Element5 documents5 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 78.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Virtualization

Timeline

PublishedJan 21

Latest updateMay 17

Description

Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspecified folder.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDredhat/enterprise_virtualization3.2

🔴Vulnerability Details

GHSA

GHSA-2r5w-8r8w-hxph: Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3↗2022-05-17

▶

CVEList

CVE-2013-2152: Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3↗2014-01-21

▶

📋Vendor Advisories

Red Hat

rhevm: spice service unquoted search path↗2013-06-10

▶

💬Community

Bugzilla

CVE-2013-2152 rhevm: spice service unquoted search path↗2013-06-05

▶