Race Condition Vulnerability in OpenStack Neutron Affecting Security Features
CVE-2015-5240

Currently unrated

Key Information:

Vendor
Openstack
Status
Vendor
CVE Published:
27 October 2015

Summary

A race condition exists in OpenStack Neutron that allows remote authenticated users to bypass IP anti-spoofing mechanisms. This issue occurs when the ML2 plugin or the security groups AMQP API is utilized, enabling attackers to exploit the ability to change the device owner of a port to initiate with 'network:'. By doing so, they can circumvent security group rules before they are fully applied, potentially leading to unauthorized access or network configuration changes.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.