CVE-2014-0187

Published Apr 28, 2014

Last updated 3 months ago

CVSS info 9.0

Overview

Description: The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 9
Impact score: 10
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:openstack:neutron:2013.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22D37364-1253-495F-A3E0-CA4CEFBF2587"
          },
          {
            "criteria": "cpe:2.3:a:openstack:neutron:2013.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49D7F58E-536B-4E57-B02E-AB2A39AA4EAF"
          },
          {
            "criteria": "cpe:2.3:a:openstack:neutron:2013.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81C24D0C-8F7B-48D3-825C-AC3ACD87F461"
          },
          {
            "criteria": "cpe:2.3:a:openstack:neutron:2013.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0774CBBB-8DF6-468F-AFD9-0C0FE314FF10"
          },
          {
            "criteria": "cpe:2.3:a:openstack:neutron:2013.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2CCC7C3A-8E5B-447B-B339-1328C6DDDF9F"
          },
          {
            "criteria": "cpe:2.3:a:openstack:neutron:2013.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3AE37F27-FCDA-413C-8A3C-B3ED56BB7A37"
          },
          {
            "criteria": "cpe:2.3:a:openstack:neutron:2013.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5EFDBB0-BCCD-42C4-ADFB-1C92BD5E9537"
          },
          {
            "criteria": "cpe:2.3:a:openstack:neutron:2013.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6772F036-DD92-40C4-AAAA-227BD41162FA"
          },
          {
            "criteria": "cpe:2.3:a:openstack:neutron:2013.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B90A2150-AAC4-468E-ABF6-59071E02D911"
          },
          {
            "criteria": "cpe:2.3:a:openstack:neutron:2013.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B77F147E-3FD8-40C9-9BB0-C7F27EC1E59B"
          },
          {
            "criteria": "cpe:2.3:a:openstack:neutron:2014.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EC034B0-18F8-4227-8EB3-F7109D2F8FC1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References