CVE-2012-2654

EUVD-2012-0020
The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
openstackcompute
2012.2
openstackdiablo
2011.3
openstackessex
2012.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nova
bookworm
2:26.2.2-1~deb12u3
fixed
bookworm (security)
2:26.2.2-1~deb12u3
fixed
bullseye
2:22.0.1-2+deb11u1
fixed
bullseye (security)
2:22.4.0-1~deb11u5
fixed
sid
2:30.0.0-1
fixed
trixie
2:30.0.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nova
hardy
dne
lucid
dne
natty
ignored
oneiric
Fixed 2011.3-0ubuntu6.7
released
precise
Fixed 2012.1-0ubuntu2.2
released
quantal
not-affected
Common Weakness Enumeration
References
http://secunia.com/advisories/46808
http://secunia.com/advisories/49439
http://www.ubuntu.com/usn/USN-1466-1
https://bugs.launchpad.net/nova/+bug/985184
https://exchange.xforce.ibmcloud.com/vulnerabilities/76110
https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978
https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654
https://lists.launchpad.net/openstack/msg12883.html
https://review.openstack.org/#/c/8239/
http://secunia.com/advisories/46808
http://secunia.com/advisories/49439
http://www.ubuntu.com/usn/USN-1466-1
https://bugs.launchpad.net/nova/+bug/985184
https://exchange.xforce.ibmcloud.com/vulnerabilities/76110
https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978
https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654
https://lists.launchpad.net/openstack/msg12883.html
https://review.openstack.org/#/c/8239/