5.9

CVE-2017-7543

A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenstackNeutron Version >= 7.0.0 < 7.2.0-12.1
OpenstackNeutron Version >= 8.0.0 < 8.3.0-11.1
OpenstackNeutron Version >= 9.0.0 < 9.3.1-2.1
OpenstackNeutron Version >= 10.0.0 < 10.0.2-1.1
RedhatOpenstack Version6.0
   RedhatEnterprise Linux Version7.0
RedhatOpenstack Version7.0
   RedhatEnterprise Linux Version7.0
RedhatOpenstack Version8
RedhatOpenstack Version9
RedhatOpenstack Version10
RedhatOpenstack Version11
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.85% 0.763
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
secalert@redhat.com 5.3 1.6 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://www.securityfocus.com/bid/100237
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:2447
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2448
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2449
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2450
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2451
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2452
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7543
Third Party Advisory
Issue Tracking
Mitigation