When libvirtd is configured by OSP director (tripleo-heat-templates) to use TLS transport, it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured, this allows these services to connect to libvirtd (which is equivalent to root access). If a vulnerability exists in another service it could, combined with this flaw, be exploited to escalate privileges to gain control over compute nodes.
Find out more about CVE-2017-15114 from the MITRE CVE dictionary dictionary and NIST NVD.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 7.6 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| Attack Vector | Adjacent Network |
| Attack Complexity | High |
| Privileges Required | High |
| User Interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity Impact | High |
| Availability Impact | High |
| Platform | Package | State |
|---|---|---|
| Red Hat OpenStack Platform 12.0 | rhosp-director | Not affected |
| Red Hat OpenStack Platform 11.0 (Ocata) | rhosp-director | Not affected |
| Red Hat OpenStack Platform 10 | rhosp-director | Not affected |
| OpenStack 9.0 Director for RHEL 7 | rhosp-director | Not affected |
| OpenStack 8.0 Director for RHEL 7 | rhosp-director | Not affected |
| OpenStack 7.0 Director for RHEL 7 | rhosp-director | Not affected |
Vulmon