CVE-2018-14635

EPSS 0.4%
Published 10.09.2018 19:29:00
Last modified 21.11.2024 03:49:28
Source secalert@redhat.com
Teams watchlist Login
Open Login

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable.

Affected products Warnungen 0 Metrics 4 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Openstack Version10

Redhat ≫ Openstack Version12

Redhat ≫ Openstack Version13

Openstack ≫ Neutron Version >= 11.0.0 <= 11.0.5

Openstack ≫ Neutron Version >= 12.0.0 <= 12.0.3

Openstack ≫ Neutron Version13.0.0.0 Updateb1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.4%	0.601

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P
secalert@redhat.com	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://access.redhat.com/errata/RHSA-2018:2721

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2710

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2715

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3792

Third Party Advisory

https://bugs.launchpad.net/neutron/+bug/1757482

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14635

Patch