Back to CVE Browser

CVE-2017-2637

CRITICAL

9.9

CVSS Severity Score

EPSS Score0.0200%

EPSS Percentile0.50th

PublishedJul 26, 2018

Last ModifiedNov 21, 2024

Vulnerability Description

A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default (by director) listening on 0.0.0.0 (all interfaces) with no-authentication or encryption. Anyone able to make a TCP connection to any compute host IP address, including 127.0.0.1, other loopback interface addresses, or in some cases possibly addresses that have been exposed beyond the management interface, could use this to open a virsh session to the libvirtd instance and gain control of virtual machine instances or possibly take over the host.

Affected Platforms (CPE)

📦

Redhat

Openstack

= 7.0

📦

Redhat

Openstack

= 8

📦

Redhat

Openstack

= 9

📦

Redhat

Openstack

= 10

References & Advisories

🔗 http://www.securityfocus.com/bid/98576

🔗 https://access.redhat.com/errata/RHSA-2017:1242

🔗 https://access.redhat.com/errata/RHSA-2017:1504

🔗 https://access.redhat.com/errata/RHSA-2017:1537

🔗 https://access.redhat.com/errata/RHSA-2017:1546

🔗 https://access.redhat.com/solutions/3022771

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2637

🔗 https://wiki.openstack.org/wiki/OSSN/OSSN-0007

Related Vulnerabilities

CVE-2015-184210.0

The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for th...

CVE-2020-269439.9

An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboar...

CVE-2020-107319.9

A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabl...

CVE-2012-44069.8

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loadin...