Skip to main content

Enterprise Mrg CVE-2014-3706

MEDIUM
Improper Certificate Validation (CWE-295)
2017-10-18 secalert@redhat.com
5.9
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 18, 2017 - 14:29 cve.org
MEDIUM 5.9

DescriptionCVE.org

ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.

AnalysisAI

ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-295. ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates. Affected products include: Redhat Enterprise Mrg.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2013-1892 MEDIUM POC
6.0 Oct 01

MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMo

CVE-2014-3673 HIGH POC
7.5 Nov 10

The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system

CVE-2014-3687 HIGH POC
7.5 Nov 10

The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through

CVE-2020-10757 HIGH POC
7.8 Jun 09

A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. Rated high seve

CVE-2016-3699 HIGH POC
7.4 Oct 07

The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure

CVE-2013-3301 HIGH POC
7.2 Apr 29

The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer

CVE-2012-2734 MEDIUM POC
6.8 Sep 28

Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messa

CVE-2019-3459 MEDIUM POC
6.5 Apr 11

A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. Rated

CVE-2013-1773 MEDIUM POC
6.2 Feb 28

Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileg

CVE-2012-2681 MEDIUM POC
5.8 Sep 28

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random nu

CVE-2015-1350 MEDIUM POC
5.5 May 02

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that undersp

CVE-2020-12826 MEDIUM POC
5.3 May 12

A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Rated medium severi

Share

CVE-2014-3706 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy