CVE-2018-14635

CVE Database · CVE-2018-14635

CVE-2018-14635

· N/AModified

CVSS v3.1

N/A

EPSS

2.53%

Published

Sep 10, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable.

Weaknesses (CWE)

CWE-20CWE-20

Affected Products (6)

redhat · openstackvulnerable

openstack · neutronvulnerable

References (14)

https://access.redhat.com/errata/RHSA-2018:2710

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2715

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2721

Third Party Advisory