Lucene search

K

[email protected]NVD:CVE-2018-10472

HistoryApr 27, 2018 - 3:29 p.m.

CVE-2018-10472

2018-04-2715:29:00

CWE-200

[email protected]

web.nvd.nist.gov

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.9%

An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.

Affected configurations

NVD

Node

xenxenRange≤4.10.1x86

Node

debiandebian_linuxMatch9.0

References

www.securityfocus.com/bid/104002

lists.debian.org/debian-lts-announce/2018/10/msg00021.html

security.gentoo.org/glsa/201810-06

www.debian.org/security/2018/dsa-4201

xenbits.xen.org/xsa/advisory-258.html

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.9%

Related for NVD:CVE-2018-10472

debiancve1 nessus15 cve1 prion1 xen1 cvelist1 redhatcve1 osv3 ubuntucve1 suse7 openvas19 debian2 fedora9 gentoo1