Vulnerability Name:

CVE-2012-2654 (CCN-76110)

Assigned:2012-06-06
Published:2012-06-06
Updated:2017-08-29
Summary:The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.
CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-20
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2012-2654

Source: CCN
Type: SA46808
OpenStack Compute (Nova) "Security Group" Security Bypass Security Issue

Source: SECUNIA
Type: Vendor Advisory
46808

Source: SECUNIA
Type: Vendor Advisory
49439

Source: CCN
Type: OpenStack Web site
Nova

Source: CCN
Type: OSVDB ID: 82736
OpenStack Compute (Nova) EC2 / OS API Incorrect Case Definition Protocol Handling Security Group Rules Bypass

Source: CCN
Type: BID-53875
OpenStack Compute (Nova) Security Bypass Vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-1466-1

Source: CONFIRM
Type: Patch
https://bugs.launchpad.net/nova/+bug/985184

Source: XF
Type: UNKNOWN
nova-security-group-sec-bypass(76110)

Source: XF
Type: UNKNOWN
nova-security-group-sec-bypass(76110)

Source: CONFIRM
Type: Exploit, Patch
https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978

Source: CCN
Type: OpenStack GIT Repository
Fix up protocol case handling for security groups

Source: CONFIRM
Type: Exploit, Patch
https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654

Source: CCN
Type: OSSA 2012-007
Security groups fail to be set correctly (CVE-2012-2654)

Source: MLIST
Type: UNKNOWN
[openstack] 20120606 [OSSA 2012-007] Security groups fail to be set correctly (CVE-2012-2654)

Source: CONFIRM
Type: UNKNOWN
https://review.openstack.org/#/c/8239/

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openstack:compute:2012.2:*:*:*:*:*:*:*
  • OR cpe:/a:openstack:diablo:2011.3:*:*:*:*:*:*:*
  • OR cpe:/a:openstack:essex:2012.1:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:openstack:compute:2011.3:*:*:*:*:*:*:*
  • OR cpe:/a:openstack:compute:2012.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:17625
    P
    		USN-1466-1 -- nova vulnerability
    2014-06-30
    oval:com.ubuntu.precise:def:20122654000
    V
    		CVE-2012-2654 on Ubuntu 12.04 LTS (precise) - low.
    2012-06-21
    BACK
    openstack compute 2012.2
    openstack diablo 2011.3
    openstack essex 2012.1
    openstack compute 2011.3
    openstack compute 2012.2