Security readout for executives and security teams
Plain-English summary
Ubuntu MAAS before 1.9.2 had a REST API weakness where an attacker could induce a logged-in user to run commands. The record rates this critical because compromise could affect confidentiality, integrity, and availability. Evidence does not show confirmed active exploitation.
Executive priority
Treat this as high priority if legacy MAAS is still present. MAAS controls infrastructure provisioning, so abuse could affect server lifecycle operations. If no pre-1.9.2 MAAS remains, urgency drops to documentation and evidence retention.
Technical view
CVE-2014-1427 is described as a MAAS REST API issue affecting versions prior to 1.9.2. The title calls it CSRF, while the description references cross-site scripting causing command execution by an authenticated user. CVSS 3.0 is 9.6 with network attack vector, low complexity, no attacker privileges, and required user interaction.
Likely exposure
Exposure is most likely where an organization still operates Ubuntu MAAS versions older than 1.9.2, especially if authenticated users access MAAS from browsers that can reach untrusted content. The source bundle does not identify specific supported branches, configurations, or deployment defaults.
Exploitation context
The CVSS vector requires user interaction but no attacker privileges. The attacker would need to cause a logged-in MAAS user to trigger the vulnerable behavior. CISA KEV status is false in the provided bundle, and no cited source confirms exploitation in the wild.
Researcher notes
The record has a terminology inconsistency: the title says CSRF, while the description says cross-site scripting. Do not assume a specific root cause beyond the provided text. The only affected boundary stated is MAAS before 1.9.2.
Mitigation direction
- Inventory all Ubuntu MAAS deployments and record exact versions.
- Prioritize moving any MAAS version prior to 1.9.2 off the affected release line.
- Check Canonical or MAAS release guidance for the supported fixed upgrade path.
- Restrict MAAS administrative access to trusted networks and users where operationally possible.
- Review privileged MAAS accounts for unnecessary access.
Validation and detection
- Confirm whether each MAAS instance is older than 1.9.2.
- Verify MAAS REST API and administrative interfaces are not broadly exposed.
- Review access logs for unexpected administrative actions by legitimate users.
- Check whether MAAS users reported suspicious browser redirects or prompts.
- Document remediation status and residual unsupported-version risk.
Public sources used
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CVE-2014-1427 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Critical
- CVSS
- 9.6 (3.0)
- Known Exploited
- No
- Published
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS vector scores
1 official scoreWe collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H2.86Primary CVE scoreVulnerability scoring details
Base CVSS 3.0 score
9.6CriticalVector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Source materials
- CVE List V5 sourceCVE List V5
- https://launchpad.net/maas/+milestone/1.9.2CVE reference · x_refsource_MISC
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
