CVE-2012-2654

N/A Unknown
Published: June 21, 2012 Modified: April 29, 2026
View on NVD

Description

The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://secunia.com/advisories/46808
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/49439
Source: secalert@redhat.com
Vendor Advisory
http://www.ubuntu.com/usn/USN-1466-1
Source: secalert@redhat.com
https://bugs.launchpad.net/nova/+bug/985184
Source: secalert@redhat.com
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/76110
Source: secalert@redhat.com
https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978
Source: secalert@redhat.com
Exploit Patch
https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654
Source: secalert@redhat.com
Exploit Patch
https://lists.launchpad.net/openstack/msg12883.html
Source: secalert@redhat.com
https://review.openstack.org/#/c/8239/
Source: secalert@redhat.com
http://secunia.com/advisories/46808
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/49439
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.ubuntu.com/usn/USN-1466-1
Source: af854a3a-2127-422b-91ae-364da2661108
https://bugs.launchpad.net/nova/+bug/985184
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/76110
Source: af854a3a-2127-422b-91ae-364da2661108
https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Patch
https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Patch
https://lists.launchpad.net/openstack/msg12883.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://review.openstack.org/#/c/8239/
Source: af854a3a-2127-422b-91ae-364da2661108

18 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
2.6%
84th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-20

Affected Vendors

openstack

Related CVEs

CVE-2026-9677 N/A
CVE-2026-13245 6.1
CVE-2026-12404 5.3
CVE-2026-10820 N/A
CVE-2026-12415 9.8