5.9

CVE-2017-7543

A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources.

Data is provided by the National Vulnerability Database (NVD)
OpenstackNeutron Version >= 7.0.0 < 7.2.0-12.1
OpenstackNeutron Version >= 8.0.0 < 8.3.0-11.1
OpenstackNeutron Version >= 9.0.0 < 9.3.1-2.1
OpenstackNeutron Version >= 10.0.0 < 10.0.2-1.1
RedhatOpenstack Version6.0
   RedhatEnterprise Linux Version7.0
RedhatOpenstack Version7.0
   RedhatEnterprise Linux Version7.0
RedhatOpenstack Version8
RedhatOpenstack Version9
RedhatOpenstack Version10
RedhatOpenstack Version11
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.22% 0.44
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
secalert@redhat.com 5.3 1.6 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://www.securityfocus.com/bid/100237
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7543
Third Party Advisory
Issue Tracking
Mitigation