Vulnerability Details : CVE-2007-0998
The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. NOTE: some of these details are obtained from third party information.
Products affected by CVE-2007-0998
- cpe:2.3:a:xen:qemu:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-0998
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 8 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-0998
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2007-0998
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-0998
-
http://www.securitytracker.com/id?1017764
-
http://www.vupen.com/english/advisories/2007/1019
Vendor Advisory
-
http://www.vupen.com/english/advisories/2007/1021
Vendor Advisory
-
http://www.vupen.com/english/advisories/2007/1020
Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
[security-announce] openSUSE-SU-2012:1572-1: important: XEN: security an
-
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
[security-announce] SUSE-SU-2014:0446-1: important: Security update for
-
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
[security-announce] openSUSE-SU-2012:1573-1: important: XEN: security an
-
http://rhn.redhat.com/errata/RHSA-2007-0114.html
Patch
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10486
-
http://www.securityfocus.com/bid/22967
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/33085
Jump to