CVE-2012-3533
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle (MITM) attack.
El SDK de Python antes de v3.1.0.6 y v3.1.0.8 y CLI antes de v3.1.0.8 para oVirt v3.1 no comprueban el certificado SSL de servidor contra las claves de cliente, lo que permite a atacantes remotos falsificar un servidor a través de un ataque man-in-the-middle (MITM).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-06-14 CVE Reserved
- 2012-08-31 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://gerrit.ovirt.org/#/c/7209 | X_refsource_confirm | |
| http://gerrit.ovirt.org/#/c/7249 | X_refsource_confirm | |
| http://www.openwall.com/lists/oss-security/2012/08/24/6 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2012/08/26/1 | Mailing List |
|
| http://www.securityfocus.com/bid/55208 | Vdb Entry | |
| https://bugzilla.redhat.com/show_bug.cgi?id=851672 | X_refsource_misc | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/77984 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/50409 | 2017-08-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ovirt Search vendor "Ovirt" | Ovirt Search vendor "Ovirt" for product "Ovirt" | 3.1 Search vendor "Ovirt" for product "Ovirt" and version "3.1" | - |
Affected
| ||||||
| Ovirt Search vendor "Ovirt" | Ovirt-engine-cli Search vendor "Ovirt" for product "Ovirt-engine-cli" | <= 3.1.0.5 Search vendor "Ovirt" for product "Ovirt-engine-cli" and version " <= 3.1.0.5" | - |
Affected
| ||||||
| Ovirt-engine-sdk Search vendor "Ovirt-engine-sdk" | 3.1.0.5 Search vendor "Ovirt-engine-sdk" for product "3.1.0.5" | * | - |
Affected
| ||||||