LiveActive security incident?Get immediate response
CVE Record

CVE-2014-1427: MAAS API vulnerable to CSRF attack

A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2.

CriticalCVSS 9.6Not KEV-listedUpdated
Glexia's TakeAutomated analysiscritical

Security readout for executives and security teams

Plain-English summary

Ubuntu MAAS before 1.9.2 had a REST API weakness where an attacker could induce a logged-in user to run commands. The record rates this critical because compromise could affect confidentiality, integrity, and availability. Evidence does not show confirmed active exploitation.

Executive priority

Treat this as high priority if legacy MAAS is still present. MAAS controls infrastructure provisioning, so abuse could affect server lifecycle operations. If no pre-1.9.2 MAAS remains, urgency drops to documentation and evidence retention.

Technical view

CVE-2014-1427 is described as a MAAS REST API issue affecting versions prior to 1.9.2. The title calls it CSRF, while the description references cross-site scripting causing command execution by an authenticated user. CVSS 3.0 is 9.6 with network attack vector, low complexity, no attacker privileges, and required user interaction.

Likely exposure

Exposure is most likely where an organization still operates Ubuntu MAAS versions older than 1.9.2, especially if authenticated users access MAAS from browsers that can reach untrusted content. The source bundle does not identify specific supported branches, configurations, or deployment defaults.

Exploitation context

The CVSS vector requires user interaction but no attacker privileges. The attacker would need to cause a logged-in MAAS user to trigger the vulnerable behavior. CISA KEV status is false in the provided bundle, and no cited source confirms exploitation in the wild.

Researcher notes

The record has a terminology inconsistency: the title says CSRF, while the description says cross-site scripting. Do not assume a specific root cause beyond the provided text. The only affected boundary stated is MAAS before 1.9.2.

Mitigation direction

  • Inventory all Ubuntu MAAS deployments and record exact versions.
  • Prioritize moving any MAAS version prior to 1.9.2 off the affected release line.
  • Check Canonical or MAAS release guidance for the supported fixed upgrade path.
  • Restrict MAAS administrative access to trusted networks and users where operationally possible.
  • Review privileged MAAS accounts for unnecessary access.

Validation and detection

  • Confirm whether each MAAS instance is older than 1.9.2.
  • Verify MAAS REST API and administrative interfaces are not broadly exposed.
  • Review access logs for unexpected administrative actions by legitimate users.
  • Check whether MAAS users reported suspicious browser redirects or prompts.
  • Document remediation status and residual unsupported-version risk.
Prepared
Confidence
medium
Sources
3

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2014-1427 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Critical
CVSS
9.6 (3.0)
Known Exploited
No
Published

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
2Source links

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
9.6CVSS 3.0CriticalCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H2.86Primary CVE score

Vulnerability scoring details

Base CVSS 3.0 score

9.6Critical
CVSS 3.0 vector shape for CVE-2014-1427Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
UbuntuMAASunspecifiedListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.