VDB
CVE-2014-8750
CVE-2014-8750
PUBLISHED
CVSS 6.5 MEDIUM
Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances.
EPSS 0.93% · 76.5th percentile
Risk Scores
CVSS 2.0
6.5
EPSS Score
0.93%
76.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| openstack | nova | 2014.2, 2014.2, 2014.2 |
| n/a | n/a | n/a |
Exploit Intelligence
- https://bugs.launchpad.net/nova/+bug/1357372 (circl)
- 60227 (circl)
- RHSA-2014:1689 (circl)
- RHSA-2014:1782 (circl)
- RHSA-2014:1781 (circl)
- [oss-security] 20141014 [OSSA 2014-035] Nova VMware driver may connect VNC to another tenant's console (CVE-2014-8750) (circl)
- [openstack-announce] 20141014 [OSSA 2014-035] Nova VMware driver may connect VNC to another tenant's console (CVE-2014-8750) (circl)
- 70182 (circl)
Timeline
- Oct 15, 2014 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- https://bugs.launchpad.net/nova/+bug/1357372 url
- 60227 third-party-advisory
- RHSA-2014:1689 vendor-advisory
- RHSA-2014:1782 vendor-advisory
- RHSA-2014:1781 vendor-advisory
- [oss-security] 20141014 [OSSA 2014-035] Nova VMware driver may connect VNC to another tenant's console (CVE-2014-8750) mailing-list
- [openstack-announce] 20141014 [OSSA 2014-035] Nova VMware driver may connect VNC to another tenant's console (CVE-2014-8750) mailing-list
- 70182 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2014-8750 advisory