Описание
Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server.
Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-3252
- https://blogs.apache.org/cloudstack/entry/two_late_announced_security_advisories
- http://mail-archives.apache.org/mod_mbox/cloudstack-users/201602.mbox/%3C7508580E-3D83-49FD-BE6E-B329B0503130%40gmail.com%3E
- http://www.securityfocus.com/archive/1/537459/100/0/threaded
Связанные уязвимости
CVSS3: 9.8
nvd
почти 10 лет назад
Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server.