7.1
CVE-2023-5366
- EPSS 0.39%
- Veröffentlicht 06.10.2023 18:15:12
- Zuletzt bearbeitet 21.11.2024 08:41:37
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Openvswitch don't match packets on nd_target field
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Openvswitch ≫ Openvswitch Version < 2023-02-28
Redhat ≫ Openshift Container Platform Version4.0
Redhat ≫ Virtualization Version4.0
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Fast Datapath Version-
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.307 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| secalert@redhat.com | 7.1 | 2.8 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
|
CWE-345 Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
http://www.openwall.com/lists/oss-security/2024/02/08/4
https://access.redhat.com/security/cve/CVE-2023-5366
https://bugzilla.redhat.com/show_bug.cgi?id=2006347
https://lists.debian.org/debian-lts-announce/2024/02/msg00004.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/