CVE-2015-5201

Description

VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors.

References

Link	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=1253882	issue tracking vendor advisory
https://rhn.redhat.com/errata/RHEA-2015-2527.html	vendor advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1273144	issue tracking vendor advisory
https://access.redhat.com/security/cve/cve-2015-5201	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2015-5201?: CVE-2015-5201 has been scored as a high severity vulnerability.
How to fix CVE-2015-5201?: To fix CVE-2015-5201, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2015-5201 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2015-5201 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2015-5201?: CVE-2015-5201 affects RedHat Enterprise Virtualization Hypervisor (aka RHEV-H).

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-306 – Missing Authentication for Critical Function

References

Frequently Asked Questions