CVE-2021-20267

Published: May 28, 2021Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Exploitability: 2.8 / Impact: 4.2

Source: NVD

Description

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project. Versions before openstack-neutron 15.3.3, openstack-neutron 16.3.1 and openstack-neutron 17.1.1 are affected.

Affected (7)

Products: Openstack: Neutron · Redhat: Openstack Platform

1 product

1 product

Openstack Platform

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Openstack Neutron	Before 16.3.3
Openstack Neutron	From 17.0.0 to 17.1.3
Openstack Neutron	Version 18.0.0

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Openstack Platform	Version 10.0
Redhat Openstack Platform	Version 13.0
Redhat Openstack Platform	Version 16.1
Redhat Openstack Platform	Version 16.2

Related CWEs

Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=1934330

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://security.openstack.org/ossa/OSSA-2021-001.html

Source: secalert@redhat.com

PatchVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1934330

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://security.openstack.org/ossa/OSSA-2021-001.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.