Vulnerability CVE-2020-10701

Vulnerability Name:

CVE-2020-10701 (CCN-202728)

Assigned:

2020-03-20

Published:

2021-02-16

Updated:

2022-05-13

Summary:

A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0.

CVSS v3 Severity:

6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-862

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2020-10701

Source: CCN
Type: Red Hat Bugzilla Bug 1819163
(CVE-2020-10701) - CVE-2020-10701 libvirt: guest agent timeout can be set under read-only mode leading to DoS

Source: MISC
Type: Issue Tracking, Patch, Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1819163

Source: XF
Type: UNKNOWN
libvirt-cve202010701-dos(202728)

Source: CCN
Type: libvirt.git Repository
api: disallow virDomainAgentSetResponseTimeout() on read-only connections

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210708-0001/

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-10701

Vulnerable Configuration:

Configuration 1:

cpe:/a:redhat:libvirt:*:*:*:*:*:*:*:* (Version < 6.2.0)

Configuration CCN 1:

cpe:/a:redhat:libvirt:6.1.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:202010701	V	CVE-2020-10701	2023-06-22
oval:org.opensuse.security:def:7692	P	libvirt-libs-9.0.0-150500.4.3 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:604	P	Security update for virt-v2v (Moderate) (in QA)	2022-09-05
oval:org.opensuse.security:def:3100	P	gvim-7.4.326-17.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3504	P	gnome-settings-daemon-3.20.1-50.16.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94730	P	libvirt-libs-8.0.0-150400.5.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95134	P	libvirt-8.0.0-150400.5.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:220	P	libvirt-libs-7.1.0-4.1 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:94226	P	(Important)	2022-04-12
oval:org.opensuse.security:def:112903	P	libvirt-7.7.0-2.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:1149	P	Security update for go1.17 (Moderate)	2021-12-23
oval:org.opensuse.security:def:812	P	Security update for postgresql14 (Important)	2021-11-22
oval:org.opensuse.security:def:1639	P	Security update for squid (Moderate)	2021-10-20
oval:org.opensuse.security:def:106362	P	libvirt-7.7.0-2.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:66895	P	Security update for libsndfile (Critical)	2021-08-17
oval:org.opensuse.security:def:69904	P	Security update for c-ares (Important)	2021-08-17
oval:org.opensuse.security:def:2265	P	libvirt-7.1.0-4.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:101380	P	libvirt-7.1.0-4.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63354	P	libvirt-7.1.0-4.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:62238	P	libvirt-libs-7.1.0-4.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71979	P	libvirt-libs-7.1.0-4.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100939	P	libncurses6-32bit-6.1-5.6.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:70251	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:73586	P	Security update for ceph (Moderate)	2021-04-08
oval:org.opensuse.security:def:69799	P	Security update for python-cryptography (Important)	2021-03-03
oval:org.opensuse.security:def:66803	P	Security update for gdk-pixbuf (Moderate)	2021-01-21
oval:org.opensuse.security:def:107247	P	libvirt-libs-6.0.0-11.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:93868	P	libvirt-libs-6.0.0-11.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:116805	P	libvirt-libs-6.0.0-11.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107605	P	libvirt-6.0.0-11.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71642	P	libvirt-libs-6.0.0-11.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117163	P	libvirt-6.0.0-11.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63284	P	libvirt-6.0.0-11.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:100581	P	libvirt-libs-6.0.0-11.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2195	P	libvirt-6.0.0-11.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61901	P	libvirt-libs-6.0.0-11.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:50080	P	libvirt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66456	P	libcaca-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73121	P	libHX-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73239	P	libvirt-libs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66548	P	libvirt-libs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73468	P	python-tk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49199	P	libncurses6-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49253	P	libvirt-libs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50026	P	postgresql-contrib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:70146	P	ant on GA media (Moderate)	2020-12-01

BACK