cnvd - cnvd-2017-24390

CNVD-2017-24390

Vulnerability from cnvd - Published: 2017-09-02

Title

Red Hat Enterprise Virtualization Manager存在未明漏洞

Description

Red Hat Enterprise Virtualization（RHEV）Manager是美国红帽（Red Hat）公司的RHEV（企业虚拟化平台）的核心组件。该组件包含KVM工具，提供虚拟化管理功能。 Red Hat Enterprise Virtualization Manager 3.6及之前的版本中存在安全漏洞。远程攻击者可利用该漏洞与被限制的系统进行交互。

Severity

低

Patch Name

Red Hat Enterprise Virtualization Manager存在未明漏洞的补丁

Patch Description

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页及时更新： https://access.redhat.com/security/cve/CVE-2015-5293

Reference

https://nvd.nist.gov/vuln/detail/CVE-2015-5293

Impacted products

Name
Red Hat Enterprise Virtualization Manager <=3.6

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-5293"
    }
  },
  "description": "Red Hat Enterprise Virtualization\uff08RHEV\uff09Manager\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u7684RHEV\uff08\u4f01\u4e1a\u865a\u62df\u5316\u5e73\u53f0\uff09\u7684\u6838\u5fc3\u7ec4\u4ef6\u3002\u8be5\u7ec4\u4ef6\u5305\u542bKVM\u5de5\u5177\uff0c\u63d0\u4f9b\u865a\u62df\u5316\u7ba1\u7406\u529f\u80fd\u3002\r\n\r\nRed Hat Enterprise Virtualization Manager 3.6\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4e0e\u88ab\u9650\u5236\u7684\u7cfb\u7edf\u8fdb\u884c\u4ea4\u4e92\u3002",
  "discovererName": "Red Hat",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttps://access.redhat.com/security/cve/CVE-2015-5293",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-24390",
  "openTime": "2017-09-02",
  "patchDescription": "Red Hat Enterprise Virtualization\uff08RHEV\uff09Manager\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u7684RHEV\uff08\u4f01\u4e1a\u865a\u62df\u5316\u5e73\u53f0\uff09\u7684\u6838\u5fc3\u7ec4\u4ef6\u3002\u8be5\u7ec4\u4ef6\u5305\u542bKVM\u5de5\u5177\uff0c\u63d0\u4f9b\u865a\u62df\u5316\u7ba1\u7406\u529f\u80fd\u3002\r\n\r\nRed Hat Enterprise Virtualization Manager 3.6\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4e0e\u88ab\u9650\u5236\u7684\u7cfb\u7edf\u8fdb\u884c\u4ea4\u4e92\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Red Hat Enterprise Virtualization Manager\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Red Hat Enterprise Virtualization Manager \u003c=3.6"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2015-5293",
  "serverity": "\u4f4e",
  "submitTime": "2017-08-25",
  "title": "Red Hat Enterprise Virtualization Manager\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

CVE-2015-5293 (GCVE-0-2015-5293)

Vulnerability from cvelistv5 – Published: 2017-08-24 20:00 – Updated: 2024-08-06 06:41

Summary

Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/security/cve/CVE-2015-5293	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=1267714	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:09.513Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2015-5293"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1267714"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-09-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when \"boot protocol\" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-24T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2015-5293"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1267714"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-5293",
    "datePublished": "2017-08-24T20:00:00",
    "dateReserved": "2015-07-01T00:00:00",
    "dateUpdated": "2024-08-06T06:41:09.513Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-24390

CVE-2015-5293 (GCVE-0-2015-5293)

Tags

Sightings

Nomenclature