Lucene search

K
cve[email protected]CVE-2012-2654
HistoryJun 21, 2012 - 3:55 p.m.

CVE-2012-2654

2012-06-2115:55:12
CWE-20
web.nvd.nist.gov
19
cve-2012-2654
openstack compute
nova
folsom
essex
diablo
api security
protocol check
access restrictions

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.012 Low

EPSS

Percentile

85.5%

The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.

Affected configurations

NVD
Node
openstackcomputeMatch2012.2
OR
openstackdiabloMatch2011.3
OR
openstackessexMatch2012.1

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.012 Low

EPSS

Percentile

85.5%