CVE-2014-5040

MEDIUM

Eucalyptus - Access Control

Title source: rule

Description

HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key credentials by leveraging knowledge of a key ID or (2) signing certificates by leveraging knowledge of a certificate ID.

References (2)

[Vendor Advisory] https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04926463

[Vendor Advisory] https://www.eucalyptus.com/resources/security/advisories/esa-32

Scores

CVSS v3 6.8

EPSS 0.0009

EPSS Percentile 26.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Classification

CWE

CWE-264

Status draft

Affected Products (2)

eucalyptus/eucalyptus

Timeline

Published Jan 05, 2016

Tracked Since Feb 18, 2026