{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-08-15T00:00:00", "descriptions": [{"lang": "en", "value": "OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-04T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/neutron/+bug/1357379"}, {"name": "[oss-security] 20140916 CVE request for vulnerability in OpenStack Neutron", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/09/15/5"}, {"name": "RHSA-2014:1686", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1686.html"}, {"name": "RHSA-2014:1786", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1786.html"}, {"name": "RHSA-2014:1785", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1785.html"}, {"name": "USN-2408-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2408-1"}, {"name": "62299", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62299"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6414", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.launchpad.net/neutron/+bug/1357379", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/neutron/+bug/1357379"}, {"name": "[oss-security] 20140916 CVE request for vulnerability in OpenStack Neutron", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/09/15/5"}, {"name": "RHSA-2014:1686", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1686.html"}, {"name": "RHSA-2014:1786", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1786.html"}, {"name": "RHSA-2014:1785", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1785.html"}, {"name": "USN-2408-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2408-1"}, {"name": "62299", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62299"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T12:17:24.116Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/neutron/+bug/1357379"}, {"name": "[oss-security] 20140916 CVE request for vulnerability in OpenStack Neutron", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/09/15/5"}, {"name": "RHSA-2014:1686", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1686.html"}, {"name": "RHSA-2014:1786", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1786.html"}, {"name": "RHSA-2014:1785", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1785.html"}, {"name": "USN-2408-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2408-1"}, {"name": "62299", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62299"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-6414", "datePublished": "2014-10-02T14:00:00", "dateReserved": "2014-09-15T00:00:00", "dateUpdated": "2024-08-06T12:17:24.116Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*", "matchCriteriaId": "B967CB82-F8DB-4CD8-986C-7194CC0584A9", "versionEndIncluding": "2013.2.4", "versionStartIncluding": "2013.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*", "matchCriteriaId": "48271F69-454F-4050-B784-5A81BCE48A28", "versionEndExcluding": "2014.1.2", "versionStartIncluding": "2014.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*", "matchCriteriaId": "D90C46FB-8A78-489E-8D66-A881384CB42D", "versionEndIncluding": "2014.2.4", "versionStartIncluding": "2014.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors."}, {"lang": "es", "value": "OpenStack Neutron anterior a 2014.2.4 y 2014.1 anterior a 2014.1.2 permite a usuarios remotos autenticados configurar los atributos de la red de administraci\u00f3n a los valores por defecto a trav\u00e9s de vectores no especificados."}], "id": "CVE-2014-6414", "lastModified": "2018-10-19T18:54:23.657", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-10-02T14:55:04.887", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1686.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1785.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1786.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/62299"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2014/09/15/5"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2408-1"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://bugs.launchpad.net/neutron/+bug/1357379"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2014:1686", "cpe": "cpe:/a:redhat:openstack:4::el6", "package": "openstack-neutron-0:2013.2.4-5.el6ost", "product_name": "OpenStack 4 for RHEL 6", "release_date": "2014-10-22T00:00:00Z"}, {"advisory": "RHSA-2014:1785", "cpe": "cpe:/a:redhat:openstack:5::el6", "package": "openstack-neutron-0:2014.1.3-8.el6ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6", "release_date": "2014-11-03T00:00:00Z"}, {"advisory": "RHSA-2014:1785", "cpe": "cpe:/a:redhat:openstack:5::el6", "package": "python-neutronclient-0:2.3.4-3.el6ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6", "release_date": "2014-11-03T00:00:00Z"}, {"advisory": "RHSA-2014:1786", "cpe": "cpe:/a:redhat:openstack:5::el7", "package": "openstack-neutron-0:2014.1.3-7.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", "release_date": "2014-11-03T00:00:00Z"}, {"advisory": "RHSA-2014:1786", "cpe": "cpe:/a:redhat:openstack:5::el7", "package": "python-neutronclient-0:2.3.4-3.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", "release_date": "2014-11-03T00:00:00Z"}], "bugzilla": {"description": "openstack-neutron: Admin-only network attributes may be reset to defaults by non-privileged users", "id": "1142012", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1142012"}, "csaw": false, "cvss": {"cvss_base_score": "4.0", "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-862", "details": ["OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors.", "It was discovered that unprivileged users could in some cases reset admin-only network attributes to their default values. This could lead to unexpected behavior or in some cases result in a denial of service."], "name": "CVE-2014-6414", "public_date": "2014-08-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-6414\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6414"], "threat_severity": "Moderate"}