Openstack Platform
CVE-2017-15114
HIGH
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is equivalent to root access). If a vulnerability exists in another service it could, combined with this flaw, be exploited to escalate privileges to gain control over compute nodes.
AnalysisAI
When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.
Technical ContextAI
This vulnerability is classified under CWE-295. When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is equivalent to root access). If a vulnerability exists in another service it could, combined with this flaw, be exploited to escalate privileges to gain control over compute nodes. Affected products include: Redhat Openstack Platform.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Openstack Platform
View allThe SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot
A permissive list of allowed inputs flaw was found in DPDK. Rated high severity (CVSS 8.6), this vulnerability is remote
A flaw was found in Keystone. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public explo
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. Rated medium severity (CVSS 5.9), this vuln
A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SEL
An information leak was discovered in OpenStack heat. Rated medium severity (CVSS 5.0), this vulnerability is remotely e
A flaw was found in python-oslo-utils. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low
A flaw was found in openvswitch (OVS). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no au
A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. Rated hig
An authorization flaw was found in openstack-barbican. Rated high severity (CVSS 8.1), this vulnerability is remotely ex
A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, r
A flaw was found in undertow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authenticat
Same weakness CWE-295 – Improper Certificate Validation
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today