CVE-2013-6434

CWE-264, CWE-300 | 5 documents | 5 sources
Severity
4.3 MEDIUM
EPSS
0.3%
top 47.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 24
Latest update: May 17

Description

The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA
GHSA-fqrm-v269-v375: The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3 (2022-05-17)
CVEList
CVE-2013-6434: The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3 (2014-01-24)

📋 Vendor Advisories (1)

Red Hat
rhev: remote-viewer spice tls-stripping issue (2014-01-21)

💬 Community (1)

Bugzilla
CVE-2013-6434 rhev: remote-viewer spice tls-stripping issue (2013-12-10)