Vulnerability Details : CVE-2017-2637
A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default (by director) listening on 0.0.0.0 (all interfaces) with no-authentication or encryption. Anyone able to make a TCP connection to any compute host IP address, including 127.0.0.1, other loopback interface addresses, or in some cases possibly addresses that have been exposed beyond the management interface, could use this to open a virsh session to the libvirtd instance and gain control of virtual machine instances or possibly take over the host.
Products affected by CVE-2017-2637
- cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-2637
0.85%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 82 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-2637
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
10.0
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
3.9
|
6.0
|
NIST | |
9.9
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L |
3.1
|
6.0
|
Red Hat, Inc. |
CWE ids for CVE-2017-2637
-
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.Assigned by:
- nvd@nist.gov (Secondary)
- secalert@redhat.com (Primary)
References for CVE-2017-2637
-
https://access.redhat.com/solutions/3022771
Red Hat OpenStack Platform director (TripleO) CVE-2017-2637 bug and Red Hat OpenStack Platform - Red Hat Customer PortalMitigation;Vendor Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2637
1428240 – (CVE-2017-2637) CVE-2017-2637 rhosp-director:libvirtd is deployed with no authenticationIssue Tracking;Mitigation;Vendor Advisory
-
http://www.securityfocus.com/bid/98576
Red Hat OpenStack Platform CVE-2017-2637 Remote Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
https://access.redhat.com/errata/RHSA-2017:1546
RHSA-2017:1546 - Security Advisory - Red Hat Customer PortalVendor Advisory
-
https://access.redhat.com/errata/RHSA-2017:1504
RHSA-2017:1504 - Security Advisory - Red Hat Customer PortalVendor Advisory
-
https://access.redhat.com/errata/RHSA-2017:1242
RHSA-2017:1242 - Security Advisory - Red Hat Customer PortalVendor Advisory
-
https://access.redhat.com/errata/RHSA-2017:1537
RHSA-2017:1537 - Security Advisory - Red Hat Customer PortalVendor Advisory
-
https://wiki.openstack.org/wiki/OSSN/OSSN-0007
OSSN/OSSN-0007 - OpenStackVendor Advisory
Jump to