[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-1773Date: (C)2014-02-11   (M)2023-12-22


virt-v2v before 0.8.4 does not preserve the VNC console password when converting a guest, which allows local users to bypass the intended VNC authentication by connecting without a password.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.4
Exploit Score: 3.4
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECUNIA-47086
OSVDB-77558
RHSA-2011:1615
https://bugzilla.redhat.com/show_bug.cgi?id=702754
https://git.fedorahosted.org/cgit/virt-v2v.git/commit/?id=7e9393129116699d1228bb02b9f65b78584582c1

CPE    22
cpe:/a:matthew_booth:virt-v2v
cpe:/a:matthew_booth:virt-v2v:0.5.4
cpe:/a:matthew_booth:virt-v2v:0.6.3
cpe:/a:matthew_booth:virt-v2v:0.8.1
...
CWE    1
CWE-255
OVAL    2
oval:org.secpod.oval:def:500166
oval:org.secpod.oval:def:1504310

© SecPod Technologies