Vulnerability Details : CVE-2013-4536
An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
Products affected by CVE-2013-4536
- cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Threat overview for CVE-2013-4536
Top countries where our scanners detected CVE-2013-4536
Top open port discovered on systems with this issue
22
IPs affected by CVE-2013-4536 1
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2013-4536!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2013-4536
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 10 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-4536
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2013-4536
-
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.Assigned by: secalert@redhat.com (Primary)
References for CVE-2013-4536
-
https://security.netapp.com/advisory/ntap-20210727-0002/
CVE-2013-4536 QEMU Vulnerability in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1066401
1066401 – (CVE-2013-4535, CVE-2013-4536) CVE-2013-4535 CVE-2013-4536 qemu: virtio: insufficient validation of num_sg when mappingIssue Tracking;Patch;Third Party Advisory
Jump to