CVE-2017-18191

{"id": "CVE-2017-18191", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-02-19T17:29:00.203", "references": [{"url": "http://openwall.com/lists/oss-security/2018/04/20/3", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/103104", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2018:2332", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2018:2714", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2018:2855", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://launchpad.net/bugs/1739593", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://review.openstack.org/539893", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.openstack.org/ossa/OSSA-2018-001.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://openwall.com/lists/oss-security/2018/04/20/3", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/103104", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2018:2332", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2018:2714", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2018:2855", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://launchpad.net/bugs/1739593", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://review.openstack.org/539893", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.openstack.org/ossa/OSSA-2018-001.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected."}, {"lang": "es", "value": "Se ha descubierto un problema en OpenStack Nova en versiones 15.x hasta la 15.1.0 y 16.x hasta la 16.1.1. Al desconectar y volver a conectar un volumen cifrado, un atacante podr\u00eda acceder al volumen en bruto subyacente y corromper la cabecera LUKS, resultando en un ataque de denegaci\u00f3n de servicio (DoS) en el host de computaci\u00f3n. (El mismo c\u00f3digo de error resulta en p\u00e9rdida de datos, pero no se trata de una vulnerabilidad porque el usuario pierde sus propios datos). Todas las configuraciones de Nova que soportan vol\u00famenes cifrados est\u00e1n afectadas."}], "lastModified": "2024-11-21T03:19:31.433", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4941F71-BCC5-4D52-A640-29ECE6A1EC4E", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "314BD034-893F-42AF-B3A2-C44117AD4E9B", "versionEndIncluding": "16.1.1", "versionStartIncluding": "16.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F40C26BE-56CB-4022-A1D8-3CA0A8F87F4B"}, {"criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA"}, {"criteria": "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D4AC996-B340-4A14-86F7-FF83B4D5EC8F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}