7.6 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.4%
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of “verify-peer=no” passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
www.debian.org/security/2017/dsa-4003
access.redhat.com/security/cve/CVE-2017-1000256
www.mail-archive.com/[email protected]/msg1556251.html
www.redhat.com/archives/libvirt-announce/2017-October/msg00001.html