Vulnerability Details CVE-2011-1773
virt-v2v before 0.8.4 does not preserve the VNC console password when converting a guest, which allows local users to bypass the intended VNC authentication by connecting without a password.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.6%
CVSS Severity
CVSS v2 Score 4.4
References
- http://rhn.redhat.com/errata/RHSA-2011-1615.html
- http://secunia.com/advisories/47086
- http://www.osvdb.org/77558
- https://bugzilla.redhat.com/show_bug.cgi?id=702754
- https://git.fedorahosted.org/cgit/virt-v2v.git/commit/?id=7e9393129116699d1228bb02b9f65b78584582c1
- http://rhn.redhat.com/errata/RHSA-2011-1615.html
- http://secunia.com/advisories/47086
- http://www.osvdb.org/77558
- https://bugzilla.redhat.com/show_bug.cgi?id=702754
- https://git.fedorahosted.org/cgit/virt-v2v.git/commit/?id=7e9393129116699d1228bb02b9f65b78584582c1
Products affected by CVE-2011-1773
-
cpe:2.3:a:matthew_booth:virt-v2v:0.1.0
-
cpe:2.3:a:matthew_booth:virt-v2v:0.2.0
-
cpe:2.3:a:matthew_booth:virt-v2v:0.3.0
-
cpe:2.3:a:matthew_booth:virt-v2v:0.3.2
-
cpe:2.3:a:matthew_booth:virt-v2v:0.4.0
-
cpe:2.3:a:matthew_booth:virt-v2v:0.4.10
-
cpe:2.3:a:matthew_booth:virt-v2v:0.4.9
-
cpe:2.3:a:matthew_booth:virt-v2v:0.5.0
-
cpe:2.3:a:matthew_booth:virt-v2v:0.5.1
-
cpe:2.3:a:matthew_booth:virt-v2v:0.5.2
-
cpe:2.3:a:matthew_booth:virt-v2v:0.5.3
-
cpe:2.3:a:matthew_booth:virt-v2v:0.5.4
-
cpe:2.3:a:matthew_booth:virt-v2v:0.6.0
-
cpe:2.3:a:matthew_booth:virt-v2v:0.6.1
-
cpe:2.3:a:matthew_booth:virt-v2v:0.6.2
-
cpe:2.3:a:matthew_booth:virt-v2v:0.6.3
-
cpe:2.3:a:matthew_booth:virt-v2v:0.7.0
-
cpe:2.3:a:matthew_booth:virt-v2v:0.7.1
-
cpe:2.3:a:matthew_booth:virt-v2v:0.8.0
-
cpe:2.3:a:matthew_booth:virt-v2v:0.8.1
-
cpe:2.3:a:matthew_booth:virt-v2v:0.8.2
-
cpe:2.3:a:matthew_booth:virt-v2v:0.8.3
-
cpe:2.3:o:redhat:enterprise_linux:6.0