PT-2016-4058 · Openstack · Openstack Neutron

Romain Aviolat

Published

2016-06-17

Updated

2022-05-14

CVE-2015-8914

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions OpenStack Neutron versions prior to 7.0.4 OpenStack Neutron versions 8.0.0 through 8.1.0

Description The issue allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism, which can lead to a denial of service or the interception of network traffic via a link-local source address.

Recommendations For versions prior to 7.0.4, update to version 7.0.4 or later. For versions 8.0.0 through 8.1.0, update to a version later than 8.1.0.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-923CWE-254

Related Identifiers

CVE-2015-8914

GHSA-3VJ4-CVJP-482H

RHSA-2016:1473

RHSA-2016:1474

Affected Products

Openstack Neutron

PT-2016-4058 · Openstack · Openstack Neutron

CVE-2015-8914

Weakness Enumeration

Related Identifiers

Affected Products

References · 18