PT-2023-9041 · Unknown+6 · Openvswitch+6

Alex Katz

Publicado

2023-10-06

Atualizado

2026-01-26

CVE-2023-5366

CVSS v3.1

7.1

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Name of the Vulnerable Software and Affected Versions Open vSwitch (affected versions not specified)

Description A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses. The vulnerability is related to insufficient authentication of data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficient Verification of Data Authenticity

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-345

Identificadores relacionados

ALT-PU-2024-10743

ALT-PU-2024-6293

AZL-31280

AZL-35087

BDU:2024-03244

CVE-2023-5366

DLA-3734-1

DSA-5640-1

OESA-2023-1732

OPENSUSE-SU-2023_4508-1

OPENSUSE-SU-2024:13657-1

RHSA-2024:1227

RHSA-2024:1234

RHSA-2024:1235

ROSA-SA-2025-2664

SUSE-SU-2023:4508-1

SUSE-SU-2023:4571-1

SUSE-SU-2023:4573-1

SUSE-SU-2023:4657-1

SUSE-SU-2023:4661-1

SUSE-SU-2023:4666-1

SUSE-SU-2023:4714-1

SUSE-SU-2023_4508-1

SUSE-SU-2023_4571-1

SUSE-SU-2023_4573-1

SUSE-SU-2023_4657-1

SUSE-SU-2023_4661-1

SUSE-SU-2023_4666-1

SUSE-SU-2023_4714-1

SUSE-SU-2026:0280-1

SUSE-SU-2026:0290-1

SUSE-SU-2026:20049-1

SUSE-SU-2026:20061-1

USN-6514-1

USN-6690-1

Produtos afetados

Alt Linux

Astra Linux

Linuxmint

Openvswitch

Red Os

Suse

Ubuntu

PT-2023-9041 · Unknown+6 · Openvswitch+6

CVE-2023-5366

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 81