Openstack · Openstack Neutron · CVE-2015-5240
**Name of the Vulnerable Software and Affected Versions**
OpenStack Neutron versions prior to 2014.2.4
OpenStack Neutron versions prior to 2015.1.2
**Description**
A race condition exists when using the ML2 plugin or the security groups AMQP API, allowing remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with 'network:' before the security group rules are applied.
**Recommendations**
For OpenStack Neutron versions prior to 2014.2.4, update to version 2014.2.4 or later to resolve the issue.
For OpenStack Neutron versions prior to 2015.1.2, update to version 2015.1.2 or later to resolve the issue.