CVE-2022-44020

VirtualBMC: removes password protection from the managed libvirt XML domain

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."

Se descubrió un problema en OpenStack Sushy-Tools hasta 0.21.0 y VirtualBMC hasta 2.2.2. Cambiar la configuración del dispositivo de arranque con estos paquetes elimina la protección con contraseña del dominio XML libvirt administrado. NOTA: esto sólo afecta a una ""unsupported, production-like configuration"".

A flaw was found in sushy-tools & VirtualBMC, where changing the boot device configuration removes password protection from the managed libvirt XML domain.

*Credits: N/A

CVSS Scores

NISTv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-10-29 CVE Reserved
2022-10-29 CVE Published
2024-02-03 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-281: Improper Preservation of Permissions
CWE-305: Authentication Bypass by Primary Weakness

CAPEC

References (8)

URL	Tag	Source
https://storyboard.openstack.org/#%21/story/2010382

URL	Date	SRC

URL	Date	SRC
https://review.opendev.org/c/openstack/sushy-tools/+/862625	2023-11-07
https://review.opendev.org/c/openstack/virtualbmc/+/862620	2023-11-07

URL	Date	SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GAD7QJIUWPCKJIGYP7PPHH5DILOEONFE	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEQVJF3OQGSDCSQTQQSC54JEGLMSNB4Q	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMSUGS4B6EBRHBJMTRXL5RIKJTZTEMJC	2023-11-07
https://access.redhat.com/security/cve/CVE-2022-44020	2022-12-08
https://bugzilla.redhat.com/show_bug.cgi?id=2142678	2022-12-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Opendev Search vendor "Opendev"		Sushy-tools Search vendor "Opendev" for product "Sushy-tools"				< 0.21.1 Search vendor "Opendev" for product "Sushy-tools" and version " < 0.21.1"		openstack		Affected
Opendev Search vendor "Opendev"		Virtualbmc Search vendor "Opendev" for product "Virtualbmc"				< 3.0.0 Search vendor "Opendev" for product "Virtualbmc" and version " < 3.0.0"		openstack		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				35 Search vendor "Fedoraproject" for product "Fedora" and version "35"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				36 Search vendor "Fedoraproject" for product "Fedora" and version "36"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				37 Search vendor "Fedoraproject" for product "Fedora" and version "37"		-		Affected