Main Vulnerability Database Vulnerabilities #VU12543

#VU12543 Information disclosure in Xen - CVE-2018-10472

Published: May 9, 2018 / Updated: May 10, 2018

Vulnerability identifier: #VU12543

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-10472

CWE-ID: CWE-200

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Xen

Software vendor:
Xen Project

Description

The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.

The weakness exists in certain configurations due to improper information control. An adjacent attacker can read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.

Remediation

Install update from vendor's website.

External links

https://xenbits.xen.org/xsa/advisory-258.html

#VU12543 Information disclosure in Xen - CVE-2018-10472

Description

Remediation

External links

Please verify you're human