CVE-2015-5201 - OpenCVE

VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Enterprise Virtualization Hypervisor Enterprise Virtualization

Configuration 1 [-]

OR	cpe:2.3:a:redhat:enterprise_virtualization::::::::
	cpe:2.3:a:redhat:enterprise_virtualization_hypervisor::::::::
	cpe:2.3:a:redhat:enterprise_virtualization_hypervisor::::::::

References

Link	Resource
https://access.redhat.com/security/cve/cve-2015-5201	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1253882	Issue Tracking Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1273144	Issue Tracking Vendor Advisory
https://rhn.redhat.com/errata/RHEA-2015-2527.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2020-02-25T20:16:02

Updated: 2020-02-25T20:16:02

Reserved: 2015-07-01T00:00:00

Link: CVE-2015-5201

JSON object: View

NVD Information

Status : Modified

Published: 2020-02-25T21:15:10.750

Modified: 2023-02-13T00:51:33.093

Link: CVE-2015-5201

JSON object: View

Redhat Information

No data.

CWE

CWE-306

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:enterprise_virtualization:*:*:*:*:*:*:*:*", "matchCriteriaId": "E448B3E1-42A5-48E3-9F6E-A5C4FAC7C3C2", "versionEndExcluding": "3.5.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:enterprise_virtualization_hypervisor:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE31D534-0B91-48EA-BEFB-4C23BB7FA348", "versionEndExcluding": "6-6.7-20151117.0", "versionStartIncluding": "6-6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:enterprise_virtualization_hypervisor:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDAA94DE-A71F-4FFA-8DE8-453B249D3F19", "versionEndExcluding": "7-7.2-20151119.0", "versionStartIncluding": "7-7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors."}, {"lang": "es", "value": "VDSM y libvirt en Red Hat Enterprise Virtualization Hypervisor (tambi\u00e9n se conoce como RHEV-H) versiones 7-7.x anteriores a 7-7.2-20151119.0 y versiones 6-6.x anteriores a 6-6.7-20151117.0, como es paquetizado en Red Hat Enterprise Virtualization versiones anteriores a 3.5.6, cuando VSDM se ejecuta con -spice disable-ticketing y una VM es suspendida y luego restaurada, permite a atacantes remotos iniciar sesi\u00f3n sin autenticaci\u00f3n por medio de vectores no especificados."}], "id": "CVE-2015-5201", "lastModified": "2023-02-13T00:51:33.093", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-25T21:15:10.750", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/cve-2015-5201"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1253882"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273144"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://rhn.redhat.com/errata/RHEA-2015-2527.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}