Vulnerability Description
VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Enterprise Virtualization | < 3.5.6 |
| Redhat | Enterprise Virtualization Hypervisor | >= 6-6.0, < 6-6.7-20151117.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/cve-2015-5201Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1253882Issue TrackingVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1273144Issue TrackingVendor Advisory
- https://rhn.redhat.com/errata/RHEA-2015-2527.htmlVendor Advisory
- https://access.redhat.com/security/cve/cve-2015-5201Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1253882Issue TrackingVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1273144Issue TrackingVendor Advisory
- https://rhn.redhat.com/errata/RHEA-2015-2527.htmlVendor Advisory
FAQ
What is CVE-2015-5201?
CVE-2015-5201 is a vulnerability with a CVSS score of 7.5 (HIGH). VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3....
How severe is CVE-2015-5201?
CVE-2015-5201 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-5201?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Virtualization, Redhat Enterprise Virtualization Hypervisor.