OpenStack Neutron Security Group Bypass Vulnerability
CVE-2014-0187

Currently unrated

Key Information:

Vendor: OpenStack
Status: Vendor
CVE Published: 28 April 2014

Summary

The openvswitch-agent process in the OpenStack Neutron service has a vulnerability that lets remote authenticated users bypass security group restrictions. The agent accepts a security group rule that contains an invalid CIDR (Classless Inter-Domain Routing) value, and that rule in turn prevents further security rules from being enforced. An attacker may exploit this flaw to gain unauthorized access to network resources, compromising the security posture of the OpenStack environment.
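A defensive check for the condition the summary describes, as an added example that is neither Neutron's code nor the vendor's fix for this CVE: each rule's CIDR is validated on its own, so a malformed prefix is rejected individually and never reaches the component that applies the rules. The field names `remote_ip_prefix` and `ethertype` and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample rules (not from the advisory). Field names are assumed
# to follow the shape of a security group rule: ethertype + remote_ip_prefix.
SAMPLE_RULES = [
    {"id": "rule-1", "ethertype": "IPv4", "remote_ip_prefix": "10.0.0.0/24"},
    {"id": "rule-2", "ethertype": "IPv4", "remote_ip_prefix": "10.0.0.0/33"},
    {"id": "rule-3", "ethertype": "IPv4", "remote_ip_prefix": "10.0.0.5/24"},
    {"id": "rule-4", "ethertype": "IPv6", "remote_ip_prefix": "192.0.2.0/24"},
    {"id": "rule-5", "ethertype": "IPv6", "remote_ip_prefix": "2001:db8::/32"},
    {"id": "rule-6", "ethertype": "IPv4", "remote_ip_prefix": None},
    {"id": "rule-7", "ethertype": "IPv4", "remote_ip_prefix": "10.0.0/24"},
]

_VERSION = {"IPv4": 4, "IPv6": 6}


def check_prefix(ethertype, prefix):
    """Return (normalized_cidr, None) if usable, else (None, reason)."""
    if prefix is None:
        return None, None  # no remote prefix: the rule matches any address
    version = _VERSION.get(ethertype)
    if version is None:
        return None, f"unknown ethertype {ethertype!r}"
    if not isinstance(prefix, str) or "/" not in prefix:
        return None, "prefix must be a string in address/length form"
    try:
        # strict=False accepts host bits and normalizes them away
        net = ipaddress.ip_network(prefix, strict=False)
    except ValueError as exc:
        return None, f"not a valid CIDR: {exc}"
    if net.version != version:
        return None, f"IPv{net.version} prefix on {ethertype} rule"
    return str(net), None


def partition_rules(rules):
    """Split rules into accepted (with normalized CIDR) and rejected (id, reason)."""
    accepted, rejected = [], []
    for rule in rules:
        cidr, reason = check_prefix(rule.get("ethertype"), rule.get("remote_ip_prefix"))
        if reason:
            rejected.append((rule["id"], reason))
        else:
            accepted.append({**rule, "remote_ip_prefix": cidr})
    return accepted, rejected
```

Logging the rejected list gives operators a record of which rule was refused and why, rather than a silent gap in enforcement.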

Timeline

  • Vulnerability published

  • Vulnerability Reserved
