CVE-2014-0071
First published: Wed Feb 12 2014(Updated: )
PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat OpenStack for IBM Power | =4.0 | |
| =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-0071?
CVE-2014-0071 is classified as a medium severity vulnerability allowing unauthorized access due to improper enforcement of security groups.
How do I fix CVE-2014-0071?
To fix CVE-2014-0071, ensure that security groups are correctly configured and enforced in environments using Red Hat OpenStack 4.0.
What software versions are affected by CVE-2014-0071?
CVE-2014-0071 specifically affects Red Hat OpenStack version 4.0.
What types of attacks can occur due to CVE-2014-0071?
CVE-2014-0071 allows remote attackers to bypass security restrictions, potentially leading to unauthorized connections and data exposure.
Is there a workaround for CVE-2014-0071?
A workaround for CVE-2014-0071 involves manually adjusting security group configurations to enforce intended access controls.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-0071
- agent/trending
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/redhat
- canonical/red hat openstack for ibm power
- version/red hat openstack for ibm power/4.0