CVE-2011-1773

virt-v2v before 0.8.4 does not preserve the VNC console password when converting a guest, which allows local users to bypass the intended VNC authentication by connecting without a password.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.4 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
matthew_boothvirt-v2v
𝑥
≤ 0.8.3
matthew_boothvirt-v2v
0.1.0
matthew_boothvirt-v2v
0.2.0
matthew_boothvirt-v2v
0.3.0
matthew_boothvirt-v2v
0.3.2
matthew_boothvirt-v2v
0.4.0
matthew_boothvirt-v2v
0.4.9
matthew_boothvirt-v2v
0.4.10
matthew_boothvirt-v2v
0.5.0
matthew_boothvirt-v2v
0.5.1
matthew_boothvirt-v2v
0.5.2
matthew_boothvirt-v2v
0.5.3
matthew_boothvirt-v2v
0.5.4
matthew_boothvirt-v2v
0.6.0
matthew_boothvirt-v2v
0.6.1
matthew_boothvirt-v2v
0.6.2
matthew_boothvirt-v2v
0.6.3
matthew_boothvirt-v2v
0.7.0
matthew_boothvirt-v2v
0.7.1
matthew_boothvirt-v2v
0.8.0
matthew_boothvirt-v2v
0.8.1
matthew_boothvirt-v2v
0.8.2
redhatenterprise_linux
6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2011-1615.html
http://secunia.com/advisories/47086
http://www.osvdb.org/77558
https://bugzilla.redhat.com/show_bug.cgi?id=702754
https://git.fedorahosted.org/cgit/virt-v2v.git/commit/?id=7e9393129116699d1228bb02b9f65b78584582c1
http://rhn.redhat.com/errata/RHSA-2011-1615.html
http://secunia.com/advisories/47086
http://www.osvdb.org/77558
https://bugzilla.redhat.com/show_bug.cgi?id=702754
https://git.fedorahosted.org/cgit/virt-v2v.git/commit/?id=7e9393129116699d1228bb02b9f65b78584582c1