PT-2019-6504 · Red Hat · Rhev-M Vdc+1
Yaniv Kaul
Published: 2019-11-09 · Updated: 2019-11-12
CVE-2009-3552
CVSS v2.0: 2.9 (Low)
Vector: AV:A/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
RHEV-M VDC version 2.2.0
Description
The issue is related to the lack of SSL certificate verification when using the client-side Red Hat Enterprise Virtualization Manager interface to connect to the Red Hat Enterprise Virtualization Manager. This could allow an attacker on the local network to conduct a man-in-the-middle attack, potentially tricking the user into viewing attacker-controlled content or modifying user-requested actions.
Recommendations
For RHEV-M VDC version 2.2.0, consider disabling the use of the client-side Red Hat Enterprise Virtualization Manager interface until a patch is available to verify SSL certificates and prevent man-in-the-middle attacks. Restrict access to the Red Hat Enterprise Virtualization Manager to minimize the risk of exploitation.
Fix
Improper Certificate Validation
Weakness Enumeration
Related Identifiers
Affected Products
Rhev-M Vdc
Red Hat Enterprise Virtualization Manager