
CVE-2012-2101: OpenStack Compute (Nova) Denial of service via network request that triggers large number of iptables rules

CVSS Score: 3.5

Basic Information

EPSS Score: 0.74453%
CWE: -
Published: 5/17/2022
Updated: 11/22/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
nova | pip | < 12.0.0a0 | 12.0.0a0

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stemmed from missing quota checks in the security group and security group rule creation endpoints. The patches added calls to quota.allowed_security_groups() and quota.allowed_security_group_rules() in these functions, confirming that they were previously unguarded. The EC2 and OpenStack API handlers for group/rule creation are directly implicated in the CVE description and commit diffs.
