Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-0187

The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.

Published

2014-04-28T14:09:06.237

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openstack	neutron	2013.1	Yes
Application	openstack	neutron	2013.1.1	Yes
Application	openstack	neutron	2013.1.2	Yes
Application	openstack	neutron	2013.1.3	Yes
Application	openstack	neutron	2013.1.4	Yes
Application	openstack	neutron	2013.1.5	Yes
Application	openstack	neutron	2013.2	Yes
Application	openstack	neutron	2013.2.1	Yes
Application	openstack	neutron	2013.2.2	Yes
Application	openstack	neutron	2013.2.3	Yes
Application	openstack	neutron	2014.1	Yes
Operating System	canonical	ubuntu_linux	13.04	Yes
Operating System	canonical	ubuntu_linux	14.04	Yes
Operating System	opensuse	opensuse	13.1	Yes

References

http://lists.opensuse.org/opensuse-updates/2014-08/msg00035.html ([email protected])
http://secunia.com/advisories/59533 ([email protected])
http://www.openwall.com/lists/oss-security/2014/04/22/8 ([email protected])
http://www.ubuntu.com/usn/USN-2255-1 ([email protected])
https://bugs.launchpad.net/neutron/+bug/1300785 Vendor Advisory ([email protected])
http://lists.opensuse.org/opensuse-updates/2014-08/msg00035.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/59533 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2014/04/22/8 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2255-1 (af854a3a-2127-422b-91ae-364da2661108)
https://bugs.launchpad.net/neutron/+bug/1300785 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)