Lucene search

K
cve[email protected]CVE-2012-2654
HistoryJun 21, 2012 - 3:55 p.m.

CVE-2012-2654

2012-06-2115:55:12
CWE-20
web.nvd.nist.gov
20
cve-2012-2654
openstack compute
nova
folsom
essex
diablo
api security
protocol check
access restrictions

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.6%

The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.

Affected configurations

NVD
Node
openstackcomputeMatch2012.2
OR
openstackdiabloMatch2011.3
OR
openstackessexMatch2012.1

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.6%