CVE-2014-2573
Severity Score
2.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.
El controlador VMWare en OpenStack Compute (Nova) 2013.2 hasta 2013.2.2 no coloca debidamente las VMs en estado de rescate, lo que permite a usuarios remotos autenticados evadir el límite de cuota y causar una denegación de servicio (consumo de recursos) solicitando que la VM sea colocada en rescate y posteriormente eliminando la imagen.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-03-21 CVE Reserved
- 2014-03-25 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2014/03/21/1 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2014/03/21/2 | Mailing List |
|
| https://bugs.launchpad.net/nova/+bug/1269418 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/57498 | 2014-03-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openstack Search vendor "Openstack" | Compute Search vendor "Openstack" for product "Compute" | 2013.2 Search vendor "Openstack" for product "Compute" and version "2013.2" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Compute Search vendor "Openstack" for product "Compute" | 2013.2.1 Search vendor "Openstack" for product "Compute" and version "2013.2.1" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Compute Search vendor "Openstack" for product "Compute" | 2013.2.2 Search vendor "Openstack" for product "Compute" and version "2013.2.2" | - |
Affected
| ||||||