CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
EPSS
Percentile
73.3%
The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3
checks for the connect:read permission instead of the connect:write
permission, which allows attackers to gain domain:write privileges and
execute Qemu binaries via crafted XML. NOTE: some of these details are
obtained from third party information.
Author | Note |
---|---|
mdeslaur | introduced in 1.1.0 |