CVE-2020-23793

HIGH

Redhat VDI <0.14.0-6.el7_6.1.x86_64 - Privilege Escalation

Title source: llm
STIX 2.1

Description

An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat's VDI product. There is a security vulnerablility that can restart KVMvirtual machine without any authorization. It is not yet known if there will be other other effects.

Scores

CVSS v3 8.6
EPSS 0.0072
EPSS Percentile 49.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (1)
spice-space/spice-server 0.14.0-6el7_6.1
Published Aug 22, 2023
Tracked Since Feb 18, 2026