Vulnerability Details CVE-2014-3517
api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 48.0%
CVSS Severity
CVSS v2 Score 4.3
References
Products affected by CVE-2014-3517
-
cpe:2.3:a:openstack:nova:2013.2
-
cpe:2.3:a:openstack:nova:2013.2.0
-
cpe:2.3:a:openstack:nova:2013.2.1
-
cpe:2.3:a:openstack:nova:2013.2.2
-
cpe:2.3:a:openstack:nova:2013.2.3
-
cpe:2.3:a:openstack:nova:2013.2.4
-
cpe:2.3:a:openstack:nova:2014.1
-
cpe:2.3:a:openstack:nova:2014.1.0
-
cpe:2.3:a:openstack:nova:2014.1.1
-
cpe:2.3:a:openstack:nova:2014.2.0