Published: 05/04/2019 Updated: 04/08/2021

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

An issue exists in OpenStack Neutron 11.x prior to 11.0.7, 12.x prior to 12.0.6, and 13.x prior to 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openstack neutron
redhat openstack 13
redhat openstack 14

Debian Bug report logs - #926502 neutron: CVE-2019-10876: Unable to install new flows on compute nodes when having broken security group rules Package: src:neutron; Maintainer for src:neutron is Debian OpenStack <team+openstack@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 6 Ap ...

Synopsis Important: openstack-neutron security and bug fix update Type/Severity Security Advisory: Important Topic An update for openstack-neutron is now available for Red Hat OpenStack Platform 130 (Queens)Red Hat Product Security has rated this update as having a security impact of Important A Common V ...

Synopsis Important: openstack-neutron security update Type/Severity Security Advisory: Important Topic An update for openstack-neutron is now available for Red Hat OpenStack Platform 140 (Rocky)Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability ...

NVD-CWE-noinfo https://review.openstack.org/#/q/topic:bug/1813007 https://bugs.launchpad.net/ossa/+bug/1813007 https://security.openstack.org/ossa/OSSA-2019-002.html http://www.openwall.com/lists/oss-security/2019/04/09/2 https://access.redhat.com/errata/RHSA-2019:0935 https://access.redhat.com/errata/RHSA-2019:0879 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926502 https://nvd.nist.gov

CVE-2019-10876

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect