Denial of service in openstack-neutron
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2018-14635 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
openstack-neutron Client/Desktop applications / Other client software |
| Vendor | Openstack |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper input validation
EUVDB-ID: #VU16341
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-14635
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The vulnerability exists due to improper IP address validation by the affected software when the Linux bridge ml2 driver is used.. A remote attacker can add a router interface to a network's subnet that includes an IP address outside the subnet's allocation pool and cause a DoS condition if the added IP address is already assigned to another system.
MitigationThe vulnerability has been fixed in the version 13.0.0.0b2, 12.0.3, 11.0.5.
Vulnerable software versionsopenstack-neutron: 9.0.0 - 12.0.2
External linkshttp://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
