When libvirtd is configured by OSP director (tripleo-heat-templates) to use TLS transport, it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured, this allows these services to connect to libvirtd (which is equivalent to root access). If a vulnerability exists in another service it could, combined with this flaw, be exploited to escalate privileges to gain control over compute nodes.
Find out more about CVE-2017-15114 from the MITRE CVE dictionary dictionary and NIST NVD.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
CVSS3 Base Score | 7.6 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
Attack Vector | Adjacent Network |
Attack Complexity | High |
Privileges Required | High |
User Interaction | None |
Scope | Changed |
Confidentiality | High |
Integrity Impact | High |
Availability Impact | High |
Platform | Package | State |
---|---|---|
Red Hat OpenStack Platform 12.0 | rhosp-director | Not affected |
Red Hat OpenStack Platform 11.0 (Ocata) | rhosp-director | Not affected |
Red Hat OpenStack Platform 10 | rhosp-director | Not affected |
OpenStack 9.0 Director for RHEL 7 | rhosp-director | Not affected |
OpenStack 8.0 Director for RHEL 7 | rhosp-director | Not affected |
OpenStack 7.0 Director for RHEL 7 | rhosp-director | Not affected |