CVE-2019-10161
Severity
7.8HIGH
EPSS
0.3%
top 50.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 30
Latest updateMay 24
Description
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages5 packages
Also affects: Ubuntu Linux 14.04, Enterprise Linux 6.0, 7.0, 8.0