Arosen

**Name of the Vulnerable Software and Affected Versions** OpenStack Neutron versions 2012.2 through 2013.2.2 **Description** The issue allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command, due to the l3-agent not checking the tenant id when creating ports. **Recommendations** For OpenStack Neutron versions 2012.2 through 2013.2.2, update to version 2013.2.3 or later to resolve the issue.