PT-2014-4786 · Vmware+1 · Vmware+1

Jaroslav Henner

Published

2014-03-25

Updated

2022-05-17

CVE-2014-2573

CVSS v4.0

7.1

High

Vector

AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions OpenStack Compute (Nova) versions 2013.2 through 2013.2.2

Description The issue allows remote authenticated users to bypass the quota limit and cause a denial of service by requesting a VM be put into rescue and then deleting the image, due to the VMWare driver not properly putting VMs into RESCUE status.

Recommendations For OpenStack Compute (Nova) versions 2013.2 through 2013.2.2, consider restricting access to the VM rescue functionality to prevent unauthorized users from exploiting this issue. As a temporary workaround, consider implementing additional quota checks to limit resource consumption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770CWE-264

Related Identifiers

CVE-2014-2573

GHSA-JV34-XVJQ-PPCH

PYSEC-2014-113

Affected Products

Openstack Compute

Vmware

PT-2014-4786 · Vmware+1 · Vmware+1

CVE-2014-2573

Weakness Enumeration

Related Identifiers

Affected Products

References · 17