PT-2014-3525 · Openstack+1 · Openstack Neutron+1

Christoph Thiel

+2

·

Published

2014-04-28

·

Updated

2018-10-30

·

CVE-2014-0187

CVSS v2.0

9.0

High

VectorAV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions OpenStack Neutron versions 2013.1 through 2013.2.3 OpenStack Neutron versions 2014.1 through 2014.1.0
Description The issue allows remote authenticated users to bypass security group restrictions. This is achieved by using an invalid CIDR in a security group rule, which prevents further rules from being applied.
Recommendations For OpenStack Neutron versions 2013.1 through 2013.2.3, update to version 2013.2.4 or later. For OpenStack Neutron versions 2014.1 through 2014.1.0, update to version 2014.1.1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2014-0187
RHSA-2014:0899
USN-2255-1

Affected Products

Openstack Neutron
Ubuntu