Hardware Address Impersonation in OpenStack Neutron by OpenStack
CVE-2021-38598

9.1 CRITICAL

Key Information:

Vendor: OpenStack
Status: Vendor
CVE Published: 23 August 2021

Summary

This vulnerability in OpenStack Neutron allows an attacker controlling a compromised server instance to impersonate the hardware addresses of other devices on the network. When the linuxbridge driver is used with ebtables-nft on a Netfilter-based platform, the attacker can send specially crafted packets that let them manipulate network traffic. This could lead to Denial of Service or to the unauthorized interception of sensitive information intended for other systems.

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
