PT-2018-12630 · Openstack · Openstack Neutron

Published: 2018-09-10 · Updated: 2022-05-13 · CVE-2018-14635

CVSS v4.0: 7.1 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

openstack-neutron versions prior to 13.0.0.0b2
openstack-neutron version 12.0.3 and earlier
openstack-neutron version 11.0.5 and earlier

Description

The issue allows non-privileged tenants to create and attach ports without specifying an IP address, bypassing IP address validation. This could lead to a denial of service if an IP address conflicting with existing guests or routers is assigned from outside the allowed allocation pool.

Recommendations

For versions prior to 13.0.0.0b2, update to version 13.0.0.0b2 or later.
For version 12.0.3 and earlier, update to version 12.0.4 or later.
For version 11.0.5 and earlier, update to version 11.0.6 or later.

Fix

DoS

RCE


Weakness Enumeration

Related Identifiers

CVE-2018-14635
GHSA-X634-34M9-96MP
PYSEC-2018-93
RHSA-2018:2710
RHSA-2018:2715
RHSA-2018:3792

Affected Products

Openstack Neutron