7.1
CVE-2023-5366
- EPSS 0.03%
- Veröffentlicht 06.10.2023 18:15:12
- Zuletzt bearbeitet 21.11.2024 08:41:37
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginA flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Openvswitch ≫ Openvswitch Version < 2023-02-28
Redhat ≫ Openshift Container Platform Version4.0
Redhat ≫ Virtualization Version4.0
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Fast Datapath Version-
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.088 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| secalert@redhat.com | 7.1 | 2.8 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
|
CWE-345 Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.