CVE-2013-2231 — Unquoted Search Path or Element in Redhat Enterprise Linux

CWE-399 CWE-428 — Unquoted Search Path or Element7 documents6 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 82.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Linux Redhat Enterprise Linux Desktop Supplementary Redhat Enterprise Linux Server Supplementary +1 more

Timeline

PublishedOct 1

Latest updateMay 14

Description

Unquoted Windows search path vulnerability in the QEMU Guest Agent service for Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6, Workstation 6, Desktop Supplementary 6, Server Supplementary 6, Supplementary AUS 6.4, Supplementary EUS 6.4.z, and Workstation Supplementary 6, when installing on Windows, allows local users to gain privileges via a crafted program in an unspecified folder.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDredhat/enterprise_linux_desktop_supplementary6.0

▶NVDredhat/enterprise_linux_workstation_supplementary6.0

Also affects: Enterprise Linux 6.0, 6.4, 6.4.z

🔴Vulnerability Details

GHSA

GHSA-2v34-6f5w-w54r: Unquoted Windows search path vulnerability in the QEMU Guest Agent service for Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6, Workstation 6↗2022-05-14

▶

CVEList

CVE-2013-2231: Unquoted Windows search path vulnerability in the QEMU Guest Agent service for Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6, Workstation 6↗2013-10-01

▶

📋Vendor Advisories

Red Hat

qemu: qemu-ga win32 service unquoted search path↗2013-07-22

▶

Debian

CVE-2013-2231: qemu - Unquoted Windows search path vulnerability in the QEMU Guest Agent service for R...↗2013

▶

💬Community

Bugzilla

qemu: CVE-2013-2231 qemu: qemu-ga win32 service unquoted search path [fedora-all]↗2013-07-22

▶

Bugzilla

CVE-2013-2231 qemu: qemu-ga win32 service unquoted search path↗2013-07-03

▶