Published: 23/08/2021 Updated: 08/08/2023

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

OpenStack Neutron prior to 16.4.1, 17.x prior to 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openstack neutron 18.0.0
openstack neutron

Pavel Toporkov discovered a vulnerability in Neutron, the OpenStack virtual network service, which allowed a reconfiguration of dnsmasq via crafted dhcp_extra_opts parameters For the oldstable distribution (buster), this problem has been fixed in version 2:1307+git20210927bace3d1890-0+deb10u1 This update also fixes CVE-2021-20267 For the s ...

No description is available for this CVE ...

CWE-290 https://launchpad.net/bugs/1938670 https://nvd.nist.gov https://www.debian.org/security/2021/dsa-4983

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-38598

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect