CVE-2014-3608

high

Description

The VMware driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts it into an ERROR state, and then deleting the image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2573.

References

http://www.securityfocus.com/bid/70220

http://seclists.org/oss-sec/2014/q4/65

http://rhn.redhat.com/errata/RHSA-2014-1782.html

http://rhn.redhat.com/errata/RHSA-2014-1781.html

Details

Source: Mitre, NVD

Published: 2014-10-06

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 2.7

Vector: CVSS2#AV:A/AC:L/Au:S/C:N/I:N/A:P

Severity: Low

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High