Skip to main content

Openstack Platform CVE-2017-15114

HIGH
Improper Certificate Validation (CWE-295)
2017-11-27 secalert@redhat.com
8.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 27, 2017 - 16:29 cve.org
HIGH 8.1

DescriptionCVE.org

When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is equivalent to root access). If a vulnerability exists in another service it could, combined with this flaw, be exploited to escalate privileges to gain control over compute nodes.

AnalysisAI

When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Technical ContextAI

This vulnerability is classified under CWE-295. When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is equivalent to root access). If a vulnerability exists in another service it could, combined with this flaw, be exploited to escalate privileges to gain control over compute nodes. Affected products include: Redhat Openstack Platform.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-48795 MEDIUM POC
5.9 Dec 18

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot

CVE-2022-2132 HIGH POC
8.6 Aug 31

A permissive list of allowed inputs flaw was found in DPDK. Rated high severity (CVSS 8.6), this vulnerability is remote

CVE-2022-2447 MEDIUM POC
6.6 Sep 01

A flaw was found in Keystone. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public explo

CVE-2020-25658 MEDIUM POC
5.9 Nov 12

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. Rated medium severity (CVSS 5.9), this vuln

CVE-2020-10731 CRITICAL
9.9 Jul 31

A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SEL

CVE-2023-1625 MEDIUM POC
5.0 Sep 24

An information leak was discovered in OpenStack heat. Rated medium severity (CVSS 5.0), this vulnerability is remotely e

CVE-2022-0718 MEDIUM POC
4.9 Aug 29

A flaw was found in python-oslo-utils. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low

CVE-2023-1668 HIGH
8.2 Apr 10

A flaw was found in openvswitch (OVS). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no au

CVE-2024-8007 HIGH
8.1 Aug 21

A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. Rated hig

CVE-2022-23451 HIGH
8.1 Sep 06

An authorization flaw was found in openstack-barbican. Rated high severity (CVSS 8.1), this vulnerability is remotely ex

CVE-2023-5625 HIGH
7.5 Nov 01

A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, r

CVE-2023-1108 HIGH
7.5 Sep 14

A flaw was found in undertow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authenticat

Share

CVE-2017-15114 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy