Hardware Address Impersonation in OpenStack Neutron by OpenStack
CVE-2021-38598

9.1CRITICAL

Key Information:

Vendor: Openstack
Status: Neutron
Vendor: CVE Published:; 23 August 2021

Summary

This vulnerability in OpenStack Neutron allows an attacker controlling a compromised server instance to impersonate the hardware addresses of other devices on the network. When using the linuxbridge driver with ebtables-nft on a Netfilter-based platform, malicious actors can send specially crafted packets that enable them to manipulate network traffic. This could lead to Denial of Service attacks or the unauthorized interception of sensitive information aimed at other systems.

References

https://launchpad.net/bugs/1938670

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 23, 2021
Vulnerability Reserved
Aug 12, 2021