CVE-2014-2573

The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.

Published: 2014-03-25 Last update: 2026-05-06 Assigner: [email protected] Source: [email protected]

NVD Status：Modified，CVE State: published

View at NVD, CVE.org, EUVD

Threat Intelligence & Risk Assessment for CVE-2014-2573

EPSS CVSS CWE GHSA Affected OS Tracker

Conclusion & alert: CVE-2014-2573 is rated Low Risk (26.6/100): CVSS Low severity, with low exploitation likelihood (EPSS 0.70%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2014-2573

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	0.11%	0.70%	+0.59%
2	2025-03-30	0.15%	0.11%	-0.05%
3	2025-03-29	—	0.15%	—

Full EPSS history (7 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2014-2573

CVSS metrics for this CVE.

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
2.3	2.0	LOW	`AV:A/AC:M/Au:S/C:N/I:N/A:P` Click to expand Access vector (AV:A) Requires access to an adjacent network segment. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:S) A single authentication is required. Confidentiality impact (C:N) No confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:P) Partial availability impact.	4.4	2.9	[email protected]

Weakness enumeration for CVE-2014-2573

CWE-264 MITRE ↗

GitHub Security Advisory for CVE-2014-2573

GHSA-jv34-xvjq-ppch · Severity: high · Ecosystem: pip — OpenStack Nova VMWare driver leaks rescued images

OS Trackers for CVE-2014-2573

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2014-2573 not yet assigned priority: Debian including 1 source packages (nova), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2014-2573
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2014-2573
`ubuntu`	negligible	CVE-2014-2573 negligible priority: Ubuntu including 1 source packages (nova), 5 status rows across 5 suites (lucid, precise, saucy, trusty, upstream): DNE 2, ignored 1, not-affected 1, released 1.	https://ubuntu.com/security/CVE-2014-2573

Affected software / configurations for CVE-2014-2573

Vendor	Product	Version	Raw CPE
openstack	compute	2013.2	cpe:2.3:a:openstack:compute:2013.2:::::::*
openstack	compute	2013.2.1	cpe:2.3:a:openstack:compute:2013.2.1:::::::*
openstack	compute	2013.2.2	cpe:2.3:a:openstack:compute:2013.2.2:::::::*

References for CVE-2014-2573

URL	Tags
http://secunia.com/advisories/57498	Vendor Advisory
http://www.openwall.com/lists/oss-security/2014/03/21/1
http://www.openwall.com/lists/oss-security/2014/03/21/2
https://bugs.launchpad.net/nova/+bug/1269418

cvelogic Threat Intelligence