Main Vulnerability Database Vulnerabilities #VU20804

Information disclosure in os-vif - CVE-2019-15753

Published: September 2, 2019 / Updated: December 5, 2020

Vulnerability identifier: #VU20804

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-15753

CWE-ID: CWE-200

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: OpenDev

Affected software:
os-vif

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to software uses a hard-coded MAC ageing time of 0. An attacker on the local network can intercept network traffic or perform denial of service attack.

How to mitigate CVE-2019-15753

Install update from vendor's website.

Sources

http://www.openwall.com/lists/oss-security/2019/08/29/2
https://launchpad.net/bugs/1837252
https://review.opendev.org/672834
https://review.opendev.org/678098
https://security.openstack.org/ossa/OSSA-2019-004.html

Information disclosure in os-vif - CVE-2019-15753

Detailed vulnerability description

How to mitigate CVE-2019-15753

Sources

Please verify you're human