CVE-2014-8750 — MEDIUM (6.5)

Q: How severe is CVE-2014-8750?

CVE-2014-8750 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-8750?

Check the references section above for vendor advisories and patch information. Affected products include: Openstack Nova.

Vulnerability Description

Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances.

CVSS Score

6.5

MEDIUM

AV:N/AC:L/Au:S/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Openstack	Nova	>= 2014.1, < 2014.1.4

Related Weaknesses (CWE)

CWE-362

References

http://lists.openstack.org/pipermail/openstack-announce/2014-October/000293.htmlVendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-1689.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1781.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1782.htmlThird Party Advisory
http://secunia.com/advisories/60227Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/10/14/9Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/70182Third Party AdvisoryVDB Entry
https://bugs.launchpad.net/nova/+bug/1357372Third Party Advisory
http://lists.openstack.org/pipermail/openstack-announce/2014-October/000293.htmlVendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-1689.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1781.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1782.htmlThird Party Advisory
http://secunia.com/advisories/60227Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/10/14/9Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/70182Third Party AdvisoryVDB Entry

FAQ

What is CVE-2014-8750?

CVE-2014-8750 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that...

How severe is CVE-2014-8750?

CVE-2014-8750 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-8750?

Check the references section above for vendor advisories and patch information. Affected products include: Openstack Nova.