CVE-2013-2176 — Unquoted Search Path or Element in Redhat Enterprise Virtualization

CWE-399 CWE-428 — Unquoted Search Path or Element11 documents7 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 78.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Virtualization

Timeline

PublishedAug 28

Latest updateMay 17

Description

Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the rhev-guest-tools-iso package 3.2 allows local users to gain privileges via a Trojan horse application.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDredhat/enterprise_virtualization3.0, 3.2+1

🔴Vulnerability Details

GHSA

GHSA-r66r-pgpw-cf3r: Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the rhev-guest-tools-i↗2022-05-17

▶

CVEList

CVE-2013-2176: Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the rhev-guest-tools-i↗2013-08-28

▶

💥Exploits & PoCs

Exploit-DB

Belkin Wemo - Arbitrary Firmware Upload↗2013-04-08

▶

Metasploit

Microsoft Exchange ProxyLogon Collector↗

▶

Metasploit

Microsoft Exchange ProxyLogon Scanner↗

▶

Metasploit

Microsoft Exchange ProxyShell RCE↗

▶

Metasploit

Microsoft Exchange ProxyLogon RCE↗

▶

📋Vendor Advisories

Red Hat

rhev-m: rhev-apt service unquoted search path↗2013-07-31

▶

💬Community

Bugzilla

CVE-2013-6495 JBossWeb Bayeux: Reflected Cross-Site Scripting (XSS)↗2014-02-19

▶

Bugzilla

CVE-2013-2176 rhev-m: rhev-apt service unquoted search path↗2013-06-13

▶