Vulnerability Name:

CVE-2014-8750 (CCN-97029)

Assigned:2014-10-14
Published:2014-10-14
Updated:2018-11-16
Summary:Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances.
CVSS v3 Severity:3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
4.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-362
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2014-8750

Source: MLIST
Type: Vendor Advisory
[openstack-announce] 20141014 [OSSA 2014-035] Nova VMware driver may connect VNC to another tenant's console (CVE-2014-8750)

Source: REDHAT
Type: Third Party Advisory
RHSA-2014:1689

Source: REDHAT
Type: Third Party Advisory
RHSA-2014:1781

Source: REDHAT
Type: Third Party Advisory
RHSA-2014:1782

Source: CCN
Type: oss-security Mailing List, Tue, 14 Oct 2014 01:01:53 -0400 (EDT)
Re: CVE request for vulnerability in OpenStack Nova

Source: CCN
Type: oss-security Mailing List, Tue, 14 Oct 2014 14:50:08 +0000
[OSSA 2014-035] Nova VMware driver may connect VNC to another tenant's console (CVE-2014-8750)

Source: SECUNIA
Type: Third Party Advisory
60227

Source: CCN
Type: IBM Security Bulletin T1022040
IBM SmartCloud Entry Nova Vulnerability (CVE-2014-8750)

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20141014 [OSSA 2014-035] Nova VMware driver may connect VNC to another tenant's console (CVE-2014-8750)

Source: BID
Type: Third Party Advisory, VDB Entry
70182

Source: CCN
Type: BID-70182
OpenStack Nova VMware driver 'get_vnc_port()' Function Race Condition Vulnerability

Source: CCN
Type: OSSA 2014-035
Nova VMware driver may connect VNC to another tenant's console (CVE-2014-8750)

Source: CONFIRM
Type: Third Party Advisory
https://bugs.launchpad.net/nova/+bug/1357372

Source: CCN
Type: Red Hat Bugzilla Bug 1152346
CVE-2014-8750) CVE-2014-8750 openstack-nova: Nova VMware driver may connect VNC to another tenant's console

Source: XF
Type: UNKNOWN
openstack-nova-cve20148750-sec-bypass(97029)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-8750

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openstack:nova:*:*:*:*:*:*:*:* (Version >= 2014.1 and < 2014.1.4)
  • OR cpe:/a:openstack:nova:2014.2:milestone1:*:*:*:*:*:*
  • OR cpe:/a:openstack:nova:2014.2:milestone2:*:*:*:*:*:*
  • OR cpe:/a:openstack:nova:2014.2:milestone3:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:openstack:nova:2014.1.3:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:smartcloud_entry:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:smartcloud_entry:3.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:55240
    P
    		Security update for libesmtp (Important)
    2021-09-02
    oval:org.opensuse.security:def:55923
    P
    		Security update for openexr (Important)
    2021-06-24
    oval:org.opensuse.security:def:56482
    P
    		Security update for SuSEfirewall2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55478
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:56208
    P
    		Security update for java-1_8_0-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:55078
    P
    		cpio on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:56520
    P
    		Security update for postgresql96 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55651
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:56316
    P
    		Security update for wireshark (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55100
    P
    		empathy on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:56601
    P
    		Security update for wireshark (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55757
    P
    		Security update for ldb, samba, talloc, tdb, tevent (Important)
    2020-12-01
    oval:org.opensuse.security:def:56408
    P
    		Security update for gwenhywfar (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55077
    P
    		coreutils on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:20148750
    V
    		CVE-2014-8750
    2020-11-28
    oval:com.ubuntu.precise:def:20148750000
    V
    		CVE-2014-8750 on Ubuntu 12.04 LTS (precise) - negligible.
    2014-10-15
    oval:com.ubuntu.trusty:def:20148750000
    V
    		CVE-2014-8750 on Ubuntu 14.04 LTS (trusty) - negligible.
    2014-10-15
    BACK
    openstack nova *
    openstack nova 2014.2 milestone1
    openstack nova 2014.2 milestone2
    openstack nova 2014.2 milestone3
    openstack nova 2014.1.3
    ibm smartcloud entry 3.1
    ibm smartcloud entry 3.2