#VU14474 Path traversal in Xen - CVE-2018-14007

 


Published: August 21, 2018


Vulnerability identifier: #VU14474
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-14007
CWE-ID: CWE-22
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
Xen
Software vendor:
Xen Project

Description

The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to path traversal. An adjacent attacker can conduct a directory traversal attack and read arbitrary files from the dom0 filesystem, including the pool secret /etc/xensource/ptoken, which grants the attacker full administrator access.


Remediation

Install update from vendor's website.
