Skip to main content

Xenserver CVE-2017-5572

MEDIUM
Improper Privilege Management (CWE-269)
2017-01-30 cve@mitre.org
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jan 30, 2017 - 16:59 cve.org
MEDIUM 6.5

DescriptionCVE.org

An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database.

AnalysisAI

An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database. Affected products include: Citrix Xenserver. Version information: through 7.0..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.

CVE-2012-0217 HIGH POC
7.2 Jun 12

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and

CVE-2015-7705 CRITICAL
9.8 Aug 07

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified

CVE-2018-8897 HIGH POC
7.8 May 08

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) wa

CVE-2015-7704 HIGH
7.5 Aug 07

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service v

CVE-2014-4947 CRITICAL
10.0 Jul 22

Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified i

CVE-2016-5302 CRITICAL
9.8 Jun 13

Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow re

CVE-2018-14007 CRITICAL
9.8 Aug 15

Citrix XenServer 7.1 and newer allows Directory Traversal. Rated critical severity (CVSS 9.8), this vulnerability is rem

CVE-2017-12134 HIGH
8.8 Aug 24

The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt bloc

CVE-2016-9383 HIGH
8.8 Jan 23

Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently ob

CVE-2016-6258 HIGH
8.8 Aug 02

The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain h

CVE-2016-3710 HIGH
8.8 May 11

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS

CVE-2017-12135 HIGH
8.8 Aug 24

Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain pr

Share

CVE-2017-5572 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy