// For flags

CVE-2014-8750

openstack-nova: Nova VMware driver may connect VNC to another tenant's console

Severity Score

6.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances.

CondiciĆ³n de carrera en el driver de VMware en OpenStack Compute (Nova) anterior a 2014.1.4 y 2014.2 anterior a 2014.2rc1, permite a usuarios remotos autenticados acceder a consolas no intencionadas, mediante una instancia que desencadena que el mismo puerto VNC sea asignado a dos instancias diferentes.

A race condition flaw was found in the way the nova VMware driver handled VNC port allocation. An authenticated user could use this flaw to gain unauthorized console access to instances belonging to other tenants by repeatedly spawning new instances. Note that only nova setups using the VMware driver and the VNC proxy service were affected.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-10-13 CVE Reserved
  • 2014-10-15 CVE Published
  • 2024-05-27 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-285: Improper Authorization
  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openstack
Search vendor "Openstack"
Nova
Search vendor "Openstack" for product "Nova"
>= 2014.1 < 2014.1.4
Search vendor "Openstack" for product "Nova" and version " >= 2014.1 < 2014.1.4"
-
Affected
Openstack
Search vendor "Openstack"
Nova
Search vendor "Openstack" for product "Nova"
2014.2
Search vendor "Openstack" for product "Nova" and version "2014.2"
milestone1
Affected
Openstack
Search vendor "Openstack"
Nova
Search vendor "Openstack" for product "Nova"
2014.2
Search vendor "Openstack" for product "Nova" and version "2014.2"
milestone2
Affected
Openstack
Search vendor "Openstack"
Nova
Search vendor "Openstack" for product "Nova"
2014.2
Search vendor "Openstack" for product "Nova" and version "2014.2"
milestone3
Affected