PT-2018-12630 · Openstack · Openstack Neutron

Publicado

2018-09-10

Atualizado

2022-05-13

CVE-2018-14635

CVSS v4.0

7.1

Alta

Vetor

AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions openstack-neutron versions prior to 13.0.0.0b2 openstack-neutron version 12.0.3 and earlier openstack-neutron version 11.0.5 and earlier

Description The issue allows non-privileged tenants to create and attach ports without specifying an IP address, bypassing IP address validation. This could lead to a denial of service if an IP address conflicting with existing guests or routers is assigned from outside the allowed allocation pool.

Recommendations For versions prior to 13.0.0.0b2, update to version 13.0.0.0b2 or later. For version 12.0.3 and earlier, update to version 12.0.4 or later. For version 11.0.5 and earlier, update to version 11.0.6 or later.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2018-14635

GHSA-X634-34M9-96MP

PYSEC-2018-93

RHSA-2018:2710

RHSA-2018:2715

RHSA-2018:3792

Produtos afetados

Openstack Neutron

PT-2018-12630 · Openstack · Openstack Neutron

CVE-2018-14635

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 19