{"api_version":"1","generated_at":"2026-04-23T09:37:49+00:00","cve":"CVE-2012-2654","urls":{"html":"https://cve.report/CVE-2012-2654","api":"https://cve.report/api/cve/CVE-2012-2654.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2012-2654","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2012-2654"},"summary":{"title":"CVE-2012-2654","description":"The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2012-06-21 15:55:00","updated_at":"2017-08-29 01:31:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"http://www.ubuntu.com/usn/USN-1466-1","name":"USN-1466-1","refsource":"UBUNTU","tags":[],"title":"USN-1466-1: Nova vulnerability | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/76110","name":"nova-security-group-sec-bypass(76110)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654","name":"https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654","refsource":"CONFIRM","tags":["Exploit","Patch"],"title":"Fix up protocol case handling for security groups. · openstack/nova@ff06c7c · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://review.openstack.org/#/c/8239/","name":"https://review.openstack.org/#/c/8239/","refsource":"CONFIRM","tags":[],"title":"Gerrit Code Review","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978","name":"https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978","refsource":"CONFIRM","tags":["Exploit","Patch"],"title":"Fix up protocol case handling for security groups. · openstack/nova@9f9e9da · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.launchpad.net/openstack/msg12883.html","name":"[openstack] 20120606 [OSSA 2012-007] Security groups fail to be set correctly (CVE-2012-2654)","refsource":"MLIST","tags":[],"title":"[OSSA 2012-007] Security groups fail to be set\tcorrectly (CVE-2012-2654) : Mailing list archive : openstack team in Launchpad","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/46808","name":"46808","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Security Advisory SA46808 - OpenStack Compute (Nova) "Security Group" Security Bypass Security Issue - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/49439","name":"49439","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Security Advisory SA49439 - Ubuntu update for nova - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugs.launchpad.net/nova/+bug/985184","name":"https://bugs.launchpad.net/nova/+bug/985184","refsource":"CONFIRM","tags":["Patch"],"title":"Bug #985184 “Security groups fail to be set correctly if incorre...” : Bugs : OpenStack Compute (nova)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2012-2654","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2654","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2012","cve_id":"2654","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"compute","cpe6":"2012.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"2654","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"compute","cpe6":"2012.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"2654","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"diablo","cpe6":"2011.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"2654","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"diablo","cpe6":"2011.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"2654","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"essex","cpe6":"2012.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"2654","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"essex","cpe6":"2012.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2012-2654","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"http://secunia.com/advisories/46808","refsource":"MISC","name":"http://secunia.com/advisories/46808"},{"url":"http://secunia.com/advisories/49439","refsource":"MISC","name":"http://secunia.com/advisories/49439"},{"url":"http://www.ubuntu.com/usn/USN-1466-1","refsource":"MISC","name":"http://www.ubuntu.com/usn/USN-1466-1"},{"url":"https://bugs.launchpad.net/nova/+bug/985184","refsource":"MISC","name":"https://bugs.launchpad.net/nova/+bug/985184"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/76110","refsource":"MISC","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/76110"},{"url":"https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978","refsource":"MISC","name":"https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978"},{"url":"https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654","refsource":"MISC","name":"https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654"},{"url":"https://lists.launchpad.net/openstack/msg12883.html","refsource":"MISC","name":"https://lists.launchpad.net/openstack/msg12883.html"},{"url":"https://review.openstack.org/#/c/8239/","refsource":"MISC","name":"https://review.openstack.org/#/c/8239/"}]}},"nvd":{"publishedDate":"2012-06-21 15:55:00","lastModifiedDate":"2017-08-29 01:31:00","problem_types":["CWE-20"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openstack:compute:2012.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openstack:diablo:2011.3:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2012","CveId":"2654","Ordinal":"55392","Title":"CVE-2012-2654","CVE":"CVE-2012-2654","Year":"2012"},"notes":[{"CveYear":"2012","CveId":"2654","Ordinal":"1","NoteData":"The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.","Type":"Description","Title":null},{"CveYear":"2012","CveId":"2654","Ordinal":"2","NoteData":"2012-06-21","Type":"Other","Title":"Published"},{"CveYear":"2012","CveId":"2654","Ordinal":"3","NoteData":"2017-08-28","Type":"Other","Title":"Modified"}]}}}