What is CVE-2021-20267?

CVE-2021-20267 is a high-severity vulnerability in Openstack Neutron, classified under Insufficient Verification of Data Authenticity. CVSS score: 7.1/10. Published 2021-05-28.

How severe is CVE-2021-20267?

High severity. CVSS v3 base score is 7.1 out of 10.

Vulnerability in Openstack Neutron

CVE-2021-20267

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems o…

EPSS: 0.010 (58.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H.

Affected products

Openstack Neutron — versions 18.0.0
Redhat Openstack_platform — versions 10.0, 13.0, 16.1
N/a Openstack-neutron — versions openstack-neutron 15.3.3, openstack-neutron 16.3.1, openstack-neutron 17.1.1

Weakness classification (CWE)

CWE-345 — Insufficient Verification of Data Authenticity

References

secalert@redhat.com (Patch, Third Party Advisory, x_refsource_MISC, Issue Tracking)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)

Frequently asked questions

What is CVE-2021-20267?: CVE-2021-20267 is a high-severity vulnerability in Openstack Neutron, classified under Insufficient Verification of Data Authenticity. CVSS score: 7.1/10. Published 2021-05-28.
How severe is CVE-2021-20267?: High severity. CVSS v3 base score is 7.1 out of 10.