OpenStack Neutron L3 Agent Port Creation Vulnerability
CVE-2014-0056

Currently unrated

Key Information:

Vendor

Openstack
Status
Neutron
Vendor
CVE Published:
8 May 2014

What is CVE-2014-0056?

The l3-agent component in OpenStack Neutron versions prior to 2013.2.3 is susceptible to an improper access control vulnerability. It fails to validate the tenant ID during port creation. This oversight permits remote authenticated users to manipulate ports, allowing them to connect to routers belonging to other tenants by using a device ID in the port creation command. Such behavior can lead to serious network segmentation issues and unauthorized access to tenant resources, significantly compromising the overall security posture of affected environments.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.openwall.com/lists/oss-security/2014/03/27/5
mailing-listx_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2014-0516.html
vendor-advisoryx_refsource_REDHAT
http://www.ubuntu.com/usn/USN-2194-1
vendor-advisoryx_refsource_UBUNTU

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.