Openstack · Openstack Neutron · CVE-2014-0187
**Name of the Vulnerable Software and Affected Versions**
OpenStack Neutron versions 2013.1 through 2013.2.3
OpenStack Neutron versions 2014.1 through 2014.1.0
**Description**
The issue allows remote authenticated users to bypass security group restrictions. This is achieved by using an invalid CIDR in a security group rule, which prevents further rules from being applied.
**Recommendations**
For OpenStack Neutron versions 2013.1 through 2013.2.3, update to version 2013.2.4 or later.
For OpenStack Neutron versions 2014.1 through 2014.1.0, update to version 2014.1.1 or later.