7.8

CVE-2013-4536

EPSS 0.04%
Published 28.05.2021 17:15:07
Last modified 21.11.2024 01:55:47
Source secalert@redhat.com
Teams watchlist Login
Open Login

An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Qemu ≫ Qemu Version < 1.5.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.101

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://bugzilla.redhat.com/show_bug.cgi?id=1066401

Patch

Third Party Advisory

Issue Tracking

https://security.netapp.com/advisory/ntap-20210727-0002/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-4536

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-4536

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-4536

EUVD