Vulnerability Details : CVE-2014-2573
The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.
Vulnerability category: Denial of service
Products affected by CVE-2014-2573
- cpe:2.3:a:openstack:compute:2013.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:compute:2013.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:compute:2013.2.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-2573
- 0.11%: Probability of exploitation activity in the next 30 days
- ~26%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-2573
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.3 | LOW | AV:A/AC:M/Au:S/C:N/I:N/A:P | 4.4 | 2.9 | NIST | |
CWE ids for CVE-2014-2573
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2573
- https://bugs.launchpad.net/nova/+bug/1269418
  Bug #1269418 “[OSSA 2014-017] nova rescue doesn't put VM into RE...” : Bugs : OpenStack Compute (nova)
- http://www.openwall.com/lists/oss-security/2014/03/21/2
  oss-security - Re: CVE request for vulnerability in OpenStack Nova
- http://www.openwall.com/lists/oss-security/2014/03/21/1
  oss-security - CVE request for vulnerability in OpenStack Nova
- http://secunia.com/advisories/57498
  Vendor Advisory