CVE-2017-2637
CRITICALRed Hat OpenStack Platform - Unauthenticated Libvirtd Access via Live-Migration Configuration
Title source: llmDescription
A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default (by director) listening on 0.0.0.0 (all interfaces) with no-authentication or encryption. Anyone able to make a TCP connection to any compute host IP address, including 127.0.0.1, other loopback interface addresses, or in some cases possibly addresses that have been exposed beyond the management interface, could use this to open a virsh session to the libvirtd instance and gain control of virtual machine instances or possibly take over the host.
References (8)
Core 8
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1546
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1537
Issue Tracking, Mitigation, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2637
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/98576
Vendor Advisory x_refsource_confirm
https://wiki.openstack.org/wiki/OSSN/OSSN-0007
Mitigation, Vendor Advisory x_refsource_confirm
https://access.redhat.com/solutions/3022771
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1242
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1504
Scores
CVSS v3
9.9
EPSS
0.0478
EPSS Percentile
90.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Details
CWE
CWE-306
Status
published
Products (4)
redhat/openstack
7.0
redhat/openstack
8
redhat/openstack
9
redhat/openstack
10
Published
Jul 26, 2018
Tracked Since
Feb 18, 2026