CVE-2017-2637 — Missing Authentication for Critical Function in Redhat Openstack
Severity
NVD: 10.0 CRITICAL
CNA: 9.9
EPSS
0.4%
top 39.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 26
Latest update: May 13
Description
A design flaw issue was found in the Red Hat OpenStack Platform director's use of TripleO to enable libvirtd-based live migration. Libvirtd is deployed by default (by director) listening on 0.0.0.0 (all interfaces) with no authentication or encryption. Anyone able to make a TCP connection to any compute host IP address, including 127.0.0.1, other loopback interface addresses, or in some cases possibly addresses that have been exposed beyond the management interface, could use this to open a virsh …
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 6.0
Affected Packages: 1 package
Vulnerability Details
GHSA
GHSA-w8fq-h7pg-632c: A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration (2022-05-13)
CVEList
CVE-2017-2637: A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration (2018-07-26)