CVE-2014-0592
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs.
Barclamp (también conocido como barclamp-network) 1.7 para el framework de Crowbar, utilizado en SUSE Cloud 3, no habilita netfilter en puentes cuando crea instancias nuevas, lo que permite a atacantes remotos evadir restricciones de seguridad de grupo a través de vectores no especificados, relacionado con IPs flotantes.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-12-28 CVE Reserved
- 2014-04-04 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/66519 | Vdb Entry | |
| https://bugzilla.novell.com/show_bug.cgi?id=864183 | X_refsource_confirm | |
| https://github.com/crowbar/barclamp-network/pull/269 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00025.html | 2014-04-04 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/57509 | 2014-04-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Crowbar Search vendor "Crowbar" | Barclamp Search vendor "Crowbar" for product "Barclamp" | 1.7 Search vendor "Crowbar" for product "Barclamp" and version "1.7" | - |
Affected
| in | Novell Search vendor "Novell" | Suse Cloud Search vendor "Novell" for product "Suse Cloud" | 3.0 Search vendor "Novell" for product "Suse Cloud" and version "3.0" | - |
Affected
|