7.5

CVE-2017-5936

OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version16.04 SwEditionlts
OpenstackNova-lxd Version <= 13.1.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.91% 0.852
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.openwall.com/lists/oss-security/2017/02/09/3
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/96182
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-3195-1
Third Party Advisory
https://bugs.launchpad.net/nova-lxd/+bug/1656847
Patch
Third Party Advisory
Issue Tracking
https://github.com/openstack/nova-lxd/commit/1b76cefb92081efa1e88cd8f330253f857028bd2
Patch
Third Party Advisory
Issue Tracking