Published: 10/09/2018 Updated: 04/08/2021

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron prior to 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat openstack 12
redhat openstack 10
redhat openstack 13
openstack neutron
openstack neutron 13.0.0.0

Synopsis Moderate: openstack-neutron security update Type/Severity Security Advisory: Moderate Topic An update for openstack-neutron is now available for Red Hat OpenStack Platform 120 (Pike)Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scor ...

Synopsis Moderate: openstack-neutron security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for openstack-neutron is now available for Red Hat OpenStack Platform 100 (Newton)Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vuln ...

Synopsis Moderate: Red Hat Enterprise Linux OpenStack Platform security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat OpenStack Platform 130 (Queens)Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerabilit ...

Synopsis Moderate: openstack-neutron security update Type/Severity Security Advisory: Moderate Topic An update for openstack-neutron is now available for Red Hat OpenStackPlatform 130 (Queens)Red Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scor ...

CWE-20 https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14635 https://bugs.launchpad.net/neutron/+bug/1757482 https://access.redhat.com/errata/RHSA-2018:2715 https://access.redhat.com/errata/RHSA-2018:2710 https://access.redhat.com/errata/RHSA-2018:2721 https://access.redhat.com/errata/RHSA-2018:3792 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2018:3792

CVE-2018-14635

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect