CVE-2014-0056
CVE-2014-0056 is a low-severity vulnerability in Openstack Neutron with a CVSS 2.0 base score of 2.1. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-287.
Key facts
- Severity: Low (CVSS 2.0 base score 2.1)
- EPSS exploit prediction: 1% (70th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-287
- Affected product: Openstack Neutron
- Published:
- Last modified:
Description
The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.
Frequently asked questions
- What is CVE-2014-0056?
- The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.
- How severe is CVE-2014-0056?
- CVE-2014-0056 has a CVSS 2.0 base score of 2.1, rated low severity.
- Is CVE-2014-0056 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (70th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2014-0056?
- CVE-2014-0056 primarily affects Openstack Neutron. In total, 15 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2014-0056?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2014-0056 published?
- CVE-2014-0056 was published on 2014-05-08 and last updated on 2026-06-17.
References
- http://rhn.redhat.com/errata/RHSA-2014-0516.html
- http://www.openwall.com/lists/oss-security/2014/03/27/5
- http://www.ubuntu.com/usn/USN-2194-1
- https://bugs.launchpad.net/neutron/+bug/1243327
Affected products (15)
- cpe:2.3:a:openstack:neutron:2012.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:neutron:2012.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:neutron:2012.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:neutron:2012.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:neutron:2012.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:neutron:2013.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:neutron:2013.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:neutron:2013.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:neutron:2013.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:neutron:2013.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:neutron:2013.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:neutron:2013.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:neutron:2013.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:neutron:2013.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
More vulnerabilities in Openstack Neutron
- CVE-2021-38598 — Critical (CVSS 9.1): OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the…
- CVE-2015-8914 — Critical (CVSS 9.1): The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an…
- CVE-2014-0187 — Critical (CVSS 9.0): The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote…
- CVE-2016-5363 — High (CVSS 8.2): The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an…
- CVE-2016-5362 — High (CVSS 8.2): The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an…
- CVE-2014-3632 — High (CVSS 7.6): The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red…
All CVEs affecting Openstack Neutron →
Other CWE-287 (Improper Authentication) vulnerabilities
- CVE-2026-45480 — Critical (CVSS 10.0): Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network.
- CVE-2026-46389 — Critical (CVSS 10.0): UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS…
- CVE-2026-10611 — Critical (CVSS 10.0): An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement.…
- CVE-2026-47280 — Critical (CVSS 10.0): Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a…
- CVE-2026-42822 — Critical (CVSS 10.0): Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges…
- CVE-2026-20182 — Critical (CVSS 10.0): May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and…
Browse all CWE-287 (Improper Authentication) vulnerabilities →