CVE-2014-8170
HIGH
ovirt-node 3.0.0-474-gb852fd7 - Authenticated Command Injection via Unquoted Input String
Title source: llm
Description
ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string.
References (2)
Core References
Various Sources x_refsource_misc
https://gerrit.ovirt.org/gitweb?p=ovirt-node.git%3Ba=blob%3Bf=src/ovirtnode/ovirtfunctions.py%3Bh=caef7ef019ca12b49aa3c030792538956fb4caad%3Bhb=e11e02cd9256c854dd0419515097637d6829b4f1#l1091
Issue Tracking, Third Party Advisory, VDB Entry x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1194745
Scores
CVSS v3: 8.8
EPSS: 0.0351
EPSS Percentile: 87.6%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-134
Status: published
Products (1): ovirt/ovirt-node 3.0.0-474-gb852fd7
Published: Sep 26, 2017
Tracked Since: Feb 18, 2026