Open vSwitch Firewall Rule Vulnerability in OpenStack Neutron
CVE-2021-20267

7.1HIGH

Key Information:

Vendor: Openstack
Status: Openstack-neutron
Vendor: CVE Published:; 28 May 2021

Summary

A vulnerability exists in the default firewall rules of Open vSwitch within the OpenStack Neutron project. This flaw allows an attacker with control over a server instance linked to the affected virtual switch to send crafted packets that impersonate the IPv6 addresses of other devices on the network. This behavior can lead to denial-of-service conditions or unauthorized interception of network traffic meant for different destinations, impacting overall network security. Deployments utilizing the Open vSwitch driver prior to the specified safe versions are particularly at risk.

Affected Version(s)

openstack-neutron openstack-neutron 15.3.3, openstack-neutron 16.3.1, openstack-neutron 17.1.1

References

https://bugzilla.redhat.com/show_bug.cgi?id=1934330

x_refsource_MISC

https://security.openstack.org/ossa/OSSA-2021-001.html

x_refsource_CONFIRM

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 28, 2021
Vulnerability Reserved
Dec 17, 2020