Vulnerability in Openstack Neutron
CVE-2014-0187
The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents furth…
EPSS: 0.003 (50.2th percentile) — read the EPSS interpretation.
Affected products
- Openstack Neutron — versions 2013.1, 2013.1.1, 2013.1.2
- Canonical Ubuntu_linux — versions 13.04, 14.04
- Opensuse — versions 13.1
- N/a — versions n/a
Weakness classification (CWE)
References
- openSUSE-SU-2014:1051 (vendor-advisory, x_refsource_SUSE)
- [oss-security] 20140422 [OSSA 2014-014] Neutron security groups bypass through invalid CIDR (CVE-2014-0187) (mailing-list, x_refsource_MLIST)
- 59533 (x_refsource_SECUNIA, third-party-advisory)
- USN-2255-1 (x_refsource_UBUNTU, vendor-advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)