// For flags

CVE-2014-2573

 

Severity Score

2.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.

El controlador VMWare en OpenStack Compute (Nova) 2013.2 hasta 2013.2.2 no coloca debidamente las VMs en estado de rescate, lo que permite a usuarios remotos autenticados evadir el límite de cuota y causar una denegación de servicio (consumo de recursos) solicitando que la VM sea colocada en rescate y posteriormente eliminando la imagen.

*Credits: N/A
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
Medium
Authentication
Single
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-03-21 CVE Reserved
  • 2014-03-25 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openstack
Search vendor "Openstack"
Compute
Search vendor "Openstack" for product "Compute"
2013.2
Search vendor "Openstack" for product "Compute" and version "2013.2"
-
Affected
Openstack
Search vendor "Openstack"
Compute
Search vendor "Openstack" for product "Compute"
2013.2.1
Search vendor "Openstack" for product "Compute" and version "2013.2.1"
-
Affected
Openstack
Search vendor "Openstack"
Compute
Search vendor "Openstack" for product "Compute"
2013.2.2
Search vendor "Openstack" for product "Compute" and version "2013.2.2"
-
Affected