Lucene search

K

[email protected]NVD:CVE-2014-8750

HistoryOct 15, 2014 - 2:55 p.m.

CVE-2014-8750

2014-10-1514:55:09

CWE-362

[email protected]

web.nvd.nist.gov

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.7%

Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances.

Affected configurations

NVD

Node

openstacknovaRange2014.1–2014.1.4

OR

openstacknovaMatch2014.2milestone1

OR

openstacknovaMatch2014.2milestone2

OR

openstacknovaMatch2014.2milestone3

References

lists.openstack.org/pipermail/openstack-announce/2014-October/000293.html

rhn.redhat.com/errata/RHSA-2014-1689.html

rhn.redhat.com/errata/RHSA-2014-1781.html

rhn.redhat.com/errata/RHSA-2014-1782.html

secunia.com/advisories/60227

www.openwall.com/lists/oss-security/2014/10/14/9

www.securityfocus.com/bid/70182

bugs.launchpad.net/nova/+bug/1357372

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.7%

Related for NVD:CVE-2014-8750

redhat3 veracode1 cvelist1 cve1 ubuntucve1 debiancve1 prion1