PT-2012-4163 · Openstack · Openstack Compute

Publicado

2012-06-21

Atualizado

2022-05-17

CVE-2012-2654

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions OpenStack Compute (Nova) versions 2011.3 through 2012.2

Description The issue allows remote attackers to bypass intended access restrictions due to improper protocol checking when security groups are created and the network protocol is not specified entirely in lowercase.

Recommendations For OpenStack Compute (Nova) versions 2011.3 through 2012.2, consider updating to a version that properly checks the protocol when security groups are created to prevent bypassing of intended access restrictions.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2012-2654

GHSA-46R8-9CJ7-PW6G

PYSEC-2012-37

Produtos afetados

Openstack Compute

PT-2012-4163 · Openstack · Openstack Compute

CVE-2012-2654

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 18