CVE-2012-2693
libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored
Severity Score
9.8
*CVSS v3
Exploit Likelihood
< 1%
*EPSS
Affected Versions
67
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.
libvirt, posiblemente anterior a v0.9.12, no se asignan adecuadamente los dispositivos USB a las máquinas virtuales cuando varios dispositivos tienen el mismo proveedor y la misma identificación de producto, lo que podría provocar que el dispositivo equivocado sea asociado con un invitado lo que podría podría permitir a usuarios locales acceder a los dispositivos USB no deseados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-05-14 CVE Reserved
- 2012-06-17 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-securit... | Mailing List |
|
| http://www.openwall.com/lists/oss-securit... | Mailing List |
|
1 - 2 of 2
| URL | Date | SRC |
|---|