CVE-2021-20267

7.1HIGH

Key Information

Vendor: Openstack
Status: Openstack-neutron
Vendor: CVE Published:; 28 May 2021

Summary

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project. Versions before openstack-neutron 15.3.3, openstack-neutron 16.3.1 and openstack-neutron 17.1.1 are affected.

Affected Version(s)

openstack-neutron = openstack-neutron 15.3.3, openstack-neutron 16.3.1, openstack-neutron 17.1.1

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
May 28, 2021
Vulnerability Reserved.
Dec 17, 2020

Collectors

NVD DatabaseMitre Database