CVE-2015-5201

VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors.

Published: Feb 25, 2020
Updated: Apr 13, 2023
CVE: CVE-2015-5201
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-306

Affected Software
References

Software	From	Fixed in
redhat / enterprise_virtualization_hypervisor	6-6.0	6-6.7-20151117.0
redhat / enterprise_virtualization_hypervisor	7-7.0	7-7.2-20151119.0
redhat / enterprise_virtualization	-	3.5.6

https://access.redhat.com/security/cve/cve-2015-5201
https://bugzilla.redhat.com/show_bug.cgi?id=1253882
https://bugzilla.redhat.com/show_bug.cgi?id=1273144
https://rhn.redhat.com/errata/RHEA-2015-2527.html

Vulnerability Database

289,697

CVE-2015-5201