CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-0335

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.01

EPSS Ranking 76.4%

CVSS Severity

CVSS v2 Score 6.0

References

http://rhn.redhat.com/errata/RHSA-2013-0709.html
http://secunia.com/advisories/52337
http://secunia.com/advisories/52728
http://www.openwall.com/lists/oss-security/2013/02/26/7
http://www.osvdb.org/90657
http://www.ubuntu.com/usn/USN-1771-1
https://bugs.launchpad.net/nova/+bug/1125378
https://review.openstack.org/#/c/22086/
https://review.openstack.org/#/c/22758
https://review.openstack.org/#/c/22872/
http://rhn.redhat.com/errata/RHSA-2013-0709.html
http://secunia.com/advisories/52337
http://secunia.com/advisories/52728
http://www.openwall.com/lists/oss-security/2013/02/26/7
http://www.osvdb.org/90657
http://www.ubuntu.com/usn/USN-1771-1
https://bugs.launchpad.net/nova/+bug/1125378
https://review.openstack.org/#/c/22086/
https://review.openstack.org/#/c/22758
https://review.openstack.org/#/c/22872/

Products affected by CVE-2013-0335

Openstack » Essex » Version: 2012.1

cpe:2.3:a:openstack:essex:2012.1
Openstack » Folsom » Version: 2012.2

cpe:2.3:a:openstack:folsom:2012.2
Openstack » Grizzly » Version: 2012.2

cpe:2.3:a:openstack:grizzly:2012.2
Canonical » Ubuntu Linux » Version: 11.10

cpe:2.3:o:canonical:ubuntu_linux:11.10
Canonical » Ubuntu Linux » Version: 12.04

cpe:2.3:o:canonical:ubuntu_linux:12.04
Canonical » Ubuntu Linux » Version: 12.10

cpe:2.3:o:canonical:ubuntu_linux:12.10

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-0335

Products

Pricing

Contact Us