CVE-2014-8170

Name: CVE-2014-8170
Creator: NVD / NIST
Published: 2017-09-26T01:29:00.32+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.51%

Last modified Jun 17, 2026

CVE-2014-8170 is a vulnerability of currently unknown severity. ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string.. EPSS estimates a 3.51% chance of exploitation in the next 30 days.

Description

ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string.

Metrics

EPSS Probability

3.51%

87.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-134

Affected Software

Vendor	Product	Versions
Ovirt	Ovirt-Node	3.0.0-474-gb852fd7

References

https://bugzilla.redhat.com/show_bug.cgi?id=1194745Issue Tracking, Third Party Advisory, VDB Entry
https://gerrit.ovirt.org/gitweb?p=ovirt-node.git%3Ba=blob%3Bf=src/ovirtnode/ovirtfunctions.py%3Bh=caef7ef019ca12b49aa3c030792538956fb4caad%3Bhb=e11e02cd9256c854dd0419515097637d6829b4f1#l1091
https://bugzilla.redhat.com/show_bug.cgi?id=1194745Issue Tracking, Third Party Advisory, VDB Entry
https://gerrit.ovirt.org/gitweb?p=ovirt-node.git%3Ba=blob%3Bf=src/ovirtnode/ovirtfunctions.py%3Bh=caef7ef019ca12b49aa3c030792538956fb4caad%3Bhb=e11e02cd9256c854dd0419515097637d6829b4f1#l1091

Timeline

Published: Sep 26, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2014-8170?

How severe is CVE-2014-8170?

Severity scoring for CVE-2014-8170 is pending analysis. The EPSS model estimates a 3.51% probability of exploitation in the next 30 days.

How do I fix CVE-2014-8170?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-8170?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST