CVE-2014-8750 — Vulnetix

Try Vulnetix Request Demo

CVE-2014-8750 PUBLISHED CVSS 6.5 MEDIUM

Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances.

EPSS 0.93% · 75.9th percentile

Risk Scores

CVSS v2.0

6.5

EPSS Score

0.93%

75.9th percentile

Affected Products

Vendor	Product	Versions
openstack	nova	2014.1, 2014.2, 2014.2
n/a	n/a	n/a

Timeline

Oct 15, 2014 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

https://bugs.launchpad.net/nova/+bug/1357372 url
60227 third-party-advisory
RHSA-2014:1689 vendor-advisory
RHSA-2014:1782 vendor-advisory
RHSA-2014:1781 vendor-advisory
[oss-security] 20141014 [OSSA 2014-035] Nova VMware driver may connect VNC to another tenant's console (CVE-2014-8750) mailing-list
[openstack-announce] 20141014 [OSSA 2014-035] Nova VMware driver may connect VNC to another tenant's console (CVE-2014-8750) mailing-list
70182 vdb
https://nvd.nist.gov/vuln/detail/CVE-2014-8750 advisory

Open in Interactive Console →