PT-2017-16770 · Openstack+1 · Openstack Nova-Lxd+1

James Page

Published

2017-02-08

Updated

2022-05-13

CVE-2017-5936

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions OpenStack Nova-LXD versions prior to 13.1.1

Description The issue allows remote attackers to bypass intended security restrictions due to the wrong name being used for the veth pairs when applying Neutron security group rules for instances.

Recommendations For versions prior to 13.1.1, update to version 13.1.1 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2017-5936

GHSA-6XC7-4CX8-J3XC

PYSEC-2017-21

USN-3195-1

Affected Products

Openstack Nova-Lxd

Ubuntu

PT-2017-16770 · Openstack+1 · Openstack Nova-Lxd+1

CVE-2017-5936

Related Identifiers

Affected Products

References · 19