Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0187

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2014-0187
Last Modified 13 Sep 2014 01:23:15
Published 28 Apr 2014 10:09:06
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-0187

Summary

The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.

Vulnerable Systems

Application

  • Openstack Neutron 2013.1

  • Openstack Neutron 2013.1.1

  • Openstack Neutron 2013.1.2

  • Openstack Neutron 2013.1.3

  • Openstack Neutron 2013.1.4

  • Openstack Neutron 2013.1.5

  • Openstack Neutron 2013.2

  • Openstack Neutron 2013.2.1

  • Openstack Neutron 2013.2.2

  • Openstack Neutron 2013.2.3

  • Openstack Neutron 2014.1


References

CONFIRM - https://bugs.launchpad.net/neutron/+bug/1300785

MLIST - [oss-security] 20140422 [OSSA 2014-014] Neutron security groups bypass through invalid CIDR (CVE-2014-0187)

UBUNTU - USN-2255-1

SECUNIA - 59533

SUSE - openSUSE-SU-2014:1051


Last Updated: 27 May 2016 11:06:18