Improper input validation in openstack-neutron - CVE-2018-14635
Published: December 7, 2018 / Updated: December 10, 2018
Vulnerability identifier: #VU16341
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-14635
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Openstack
Affected software:
openstack-neutron
openstack-neutron
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The vulnerability exists due to improper IP address validation by the affected software when the Linux bridge ml2 driver is used.. A remote attacker can add a router interface to a network's subnet that includes an IP address outside the subnet's allocation pool and cause a DoS condition if the added IP address is already assigned to another system.
How to mitigate CVE-2018-14635
The vulnerability has been fixed in the version 13.0.0.0b2, 12.0.3, 11.0.5.