Race-Condition Flaw in OpenStack Neutron by Red Hat
CVE-2017-7543

5.3MEDIUM

Key Information:

Vendor: Red Hat
Status: Openstack-neutron
Vendor: CVE Published:; 26 July 2018

🔔 Create Red Hat Vulnerability Alert

What is CVE-2017-7543?

A race-condition vulnerability exists in OpenStack Neutron that can disable security groups during a minor overcloud update. This flaw leads to the reset of critical parameters, allowing unauthorized access to tenant virtual machines and network resources. Attackers could exploit this condition to compromise the security of cloud environments, particularly when these updates are implemented, increasing the need for vigilance and prompt remediation measures.

Affected Version(s)

openstack-neutron openstack-neutron-10.0.2-1.1

openstack-neutron openstack-neutron-8.3.0-11.1

openstack-neutron openstack-neutron-9.3.1-2.1

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7543

x_refsource_CONFIRM

https://access.redhat.com/errata/RHSA-2017:2447

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2017:2451

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 26, 2018
Vulnerability Reserved
Apr 5, 2017

.

CVE-2017-7543 : Race-Condition Flaw in OpenStack Neutron by Red Hat