7.8

CVE-2013-4536

EPSS 0.04%
Veröffentlicht 28.05.2021 17:15:07
Zuletzt bearbeitet 21.11.2024 01:55:47
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qemu ≫ Qemu Version < 1.5.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.101

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://bugzilla.redhat.com/show_bug.cgi?id=1066401

Patch

Third Party Advisory

Issue Tracking

https://security.netapp.com/advisory/ntap-20210727-0002/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-4536

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-4536

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-4536

EUVD