CVE-2015-5201

VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
redhatenterprise_virtualization
𝑥
< 3.5.6
redhatenterprise_virtualization_hypervisor
6-6.0 ≤
𝑥
< 6-6.7-20151117.0
redhatenterprise_virtualization_hypervisor
7-7.0 ≤
𝑥
< 7-7.2-20151119.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/cve-2015-5201
https://bugzilla.redhat.com/show_bug.cgi?id=1253882
https://bugzilla.redhat.com/show_bug.cgi?id=1273144
https://rhn.redhat.com/errata/RHEA-2015-2527.html
https://access.redhat.com/security/cve/cve-2015-5201
https://bugzilla.redhat.com/show_bug.cgi?id=1253882
https://bugzilla.redhat.com/show_bug.cgi?id=1273144
https://rhn.redhat.com/errata/RHEA-2015-2527.html