Vulnerability Details CVE-2017-15114
When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is equivalent to root access). If a vulnerability exists in another service it could, combined with this flaw, be exploited to escalate privileges to gain control over compute nodes.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.3%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 9.3
References
- http://www.securityfocus.com/bid/101971
- https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=994922a8ba996fe68d047df0e1486fa805dbea31
- http://www.securityfocus.com/bid/101971
- https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=994922a8ba996fe68d047df0e1486fa805dbea31
Products affected by CVE-2017-15114
-
cpe:2.3:a:redhat:openstack_platform:12.0