CVE-2013-2152
rhevm: spice service unquoted search path
Severity Score
7.2
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspecified folder.
Vulnerabilidad de ruta de búsqueda en Windows sin comillas en el servicio SPICE, tal como se usa en Red Hat Enterprise Virtualization (RHEV) 3.2, permite a usuarios locales obtener privilegios a través de una aplicación manipulada en una carpeta sin especificar.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-02-19 CVE Reserved
- 2013-06-11 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-428: Unquoted Search Path or Element
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/60475 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84866 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-0924.html | 2017-08-29 | |
| http://rhn.redhat.com/errata/RHSA-2013-0925.html | 2017-08-29 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=971172 | 2013-06-10 | |
| https://access.redhat.com/security/cve/CVE-2013-2152 | 2013-06-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Enterprise Virtualization Search vendor "Redhat" for product "Enterprise Virtualization" | 3.2 Search vendor "Redhat" for product "Enterprise Virtualization" and version "3.2" | - |
Affected
| ||||||