Hardware Address Impersonation in OpenStack Neutron by OpenStack
CVE-2021-38598
9.1 CRITICAL
Summary
This vulnerability in OpenStack Neutron allows an attacker who controls a compromised server instance to impersonate the hardware addresses of other devices on the network. When the linuxbridge driver is used with ebtables-nft on a Netfilter-based platform, the attacker can send specially crafted packets to manipulate network traffic. This could lead to denial of service or to unauthorized interception of sensitive information intended for other systems.
CVSS V3.1
Score: 9.1
Severity: CRITICAL
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved