CVE-2017-2637

Impact:
Important
Public Date:
2017-05-17
CWE:
CWE-306
Bugzilla:
1428240: CVE-2017-2637 rhosp-director:libvirtd is deployed with no authentication
A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default (by director) listening on 0.0.0.0 (all interfaces) with no-authentication or encryption. Anyone able to make a TCP connection to any compute host IP address, including 127.0.0.1, other loopback interface addresses, or in some cases possibly addresses that have been exposed beyond the management interface, could use this to open a virsh session to the libvirtd instance and gain control of virtual machine instances or possibly take over the host.

Find out more about CVE-2017-2637 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 9.9
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality High
Integrity Impact High
Availability Impact Low

Red Hat Security Errata

Platform Errata Release Date
OpenStack 8.0 Director for RHEL 7 RHSA-2017:1546 2017-06-20
OpenStack 9.0 Director for RHEL 7 RHSA-2017:1504 2017-06-19
OpenStack 7.0 Director for RHEL 7 RHSA-2017:1537 2017-06-20
Red Hat OpenStack Platform 10 RHSA-2017:1242 2017-05-17
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although may not have been subject to full analysis.

Acknowledgements

This issue was discovered by David Gurtner (Red Hat).

Mitigation

A KCS article with more details on this flaw is available at: https://access.redhat.com/solutions/3022771

External References

Last Modified