// For flags

CVE-2014-0187

openstack-neutron: security groups bypass through invalid CIDR

Severity Score

9.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.

El proceso openvswitch-agent en OpenStack Neutron 2013.1 anterior a 2013.2.4 y 2014.1 anterior a 2014.1.1 permite a usuarios remotos autenticados evadir restricciones de seguridad de grupo a través de un CIDR invalido en una regla de seguridad de grupo, lo que previene que se aplican más reglas.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-12-03 CVE Reserved
  • 2014-04-28 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openstack
Search vendor "Openstack"
Neutron
Search vendor "Openstack" for product "Neutron"
2013.1
Search vendor "Openstack" for product "Neutron" and version "2013.1"
-
Affected
Openstack
Search vendor "Openstack"
Neutron
Search vendor "Openstack" for product "Neutron"
2013.1.1
Search vendor "Openstack" for product "Neutron" and version "2013.1.1"
-
Affected
Openstack
Search vendor "Openstack"
Neutron
Search vendor "Openstack" for product "Neutron"
2013.1.2
Search vendor "Openstack" for product "Neutron" and version "2013.1.2"
-
Affected
Openstack
Search vendor "Openstack"
Neutron
Search vendor "Openstack" for product "Neutron"
2013.1.3
Search vendor "Openstack" for product "Neutron" and version "2013.1.3"
-
Affected
Openstack
Search vendor "Openstack"
Neutron
Search vendor "Openstack" for product "Neutron"
2013.1.4
Search vendor "Openstack" for product "Neutron" and version "2013.1.4"
-
Affected
Openstack
Search vendor "Openstack"
Neutron
Search vendor "Openstack" for product "Neutron"
2013.1.5
Search vendor "Openstack" for product "Neutron" and version "2013.1.5"
-
Affected
Openstack
Search vendor "Openstack"
Neutron
Search vendor "Openstack" for product "Neutron"
2013.2
Search vendor "Openstack" for product "Neutron" and version "2013.2"
-
Affected
Openstack
Search vendor "Openstack"
Neutron
Search vendor "Openstack" for product "Neutron"
2013.2.1
Search vendor "Openstack" for product "Neutron" and version "2013.2.1"
-
Affected
Openstack
Search vendor "Openstack"
Neutron
Search vendor "Openstack" for product "Neutron"
2013.2.2
Search vendor "Openstack" for product "Neutron" and version "2013.2.2"
-
Affected
Openstack
Search vendor "Openstack"
Neutron
Search vendor "Openstack" for product "Neutron"
2013.2.3
Search vendor "Openstack" for product "Neutron" and version "2013.2.3"
-
Affected
Openstack
Search vendor "Openstack"
Neutron
Search vendor "Openstack" for product "Neutron"
2014.1
Search vendor "Openstack" for product "Neutron" and version "2014.1"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
13.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "13.04"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
14.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"
lts
Affected
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
13.1
Search vendor "Opensuse" for product "Opensuse" and version "13.1"
-
Affected