OpenStack Neutron Security Group Bypass Vulnerability
CVE-2014-0187

Currently unrated

Key Information:

Vendor

Openstack
Status
Neutron
Vendor
CVE Published:
28 April 2014

What is CVE-2014-0187?

The OpenStack Neutron service has a vulnerability in the openvswitch-agent process that enables remote authenticated users to bypass established security group restrictions. This occurs due to the allowance of an invalid CIDR (Classless Inter-Domain Routing) in a security group rule, which in turn prevents the enforcement of further security rules. This flaw may be exploited by an attacker to gain unauthorized access to network resources, compromising the security posture of the OpenStack environment.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://lists.opensuse.org/opensuse-updates/2014-08/msg000...
vendor-advisoryx_refsource_SUSE
http://www.openwall.com/lists/oss-security/2014/04/22/8
mailing-listx_refsource_MLIST
http://secunia.com/advisories/59533
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.