PT-2018-7152 · Red Hat · Libvirt+1
Nathan Kinder · Published 2018-07-26 · Updated 2023-02-12 · CVE-2017-2637
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Red Hat OpenStack Platform director (affected versions not specified)
Description:
A design flaw was found in the use of TripleO to enable libvirtd-based live migration. Libvirtd is deployed by default listening on 0.0.0.0 with no authentication or encryption. This allows anyone who can make a TCP connection to any compute host IP address to open a virsh session to the libvirtd instance, potentially gaining control of virtual machine instances or taking over the host.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
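The exposure described above (plain TCP listener, all interfaces, no authentication) can be checked for in a compute host's libvirtd.conf. The following is an added example, not code from this advisory or from Red Hat; the key names listen_tcp, auth_tcp and listen_addr are libvirtd.conf settings that this page does not name, and the defaults applied to absent keys are assumptions.

```python
import re

# Upstream defaults assumed for keys absent from the file (an assumption of
# this example; confirm against the libvirt version actually deployed).
DEFAULTS = {"listen_tcp": "0", "auth_tcp": "sasl", "listen_addr": "0.0.0.0"}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_conf(text):
    """Parse `key = value` lines, ignoring comments and blank lines."""
    settings = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r'^(\w+)\s*=\s*"?([^"]*)"?$', line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings


def audit(text):
    """Return findings for the exposure described in CVE-2017-2637."""
    s = parse_conf(text)
    findings = []
    if s["listen_tcp"] != "1":
        return findings  # plain TCP listener is off
    findings.append("listen_tcp=1: libvirt traffic is unencrypted")
    if s["auth_tcp"] == "none":
        findings.append("auth_tcp=none: any TCP client gets a session")
    if s["listen_addr"] not in LOOPBACK:
        findings.append(f"listen_addr={s['listen_addr']}: reachable off-host")
    return findings


# Constructed sample inputs, not taken from a real deployment.
EXPOSED = '''
listen_tls = 0
listen_tcp = 1
auth_tcp = "none"   # no authentication
'''
HARDENED = '''
listen_tls = 1
listen_tcp = 0
auth_tls = "sasl"
'''

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(conf) or "no findings")
```
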
Weakness Enumeration:
Missing Authentication
Affected Products
Red Hat OpenStack Platform Director
Libvirt