CVE-2015-8914
openstack-neutron: ICMPv6 source address spoofing vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address.
El firewall IPTables en OpenStack Neutron en versiones anteriores a 7.0.4 y 8.0.0 hasta la versión 8.1.0 permite a atacantes remotos eludir un mecanismo destinado a la protección ICMPv6-spoofing y consecuentemente causar una denegación de servicio o interceptar tráfico de la red a través de de una dirección fuente local de enlace.
Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 networks to forge non-IP traffic, such as ARP and DHCP requests.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-06-10 CVE Reserved
- 2016-06-17 CVE Published
- 2023-09-18 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-254: 7PK - Security Features
CAPEC
References (11)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2016/06/10/5 | Mailing List | |
http://www.openwall.com/lists/oss-security/2016/06/10/6 | Mailing List | |
https://review.openstack.org/#/c/300233 | Third Party Advisory | |
https://review.openstack.org/#/c/310648 | Third Party Advisory | |
https://review.openstack.org/#/c/310652 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://bugs.launchpad.net/neutron/+bug/1502933 | 2024-08-06 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2016:1473 | 2018-10-19 | |
https://access.redhat.com/errata/RHSA-2016:1474 | 2018-10-19 | |
https://security.openstack.org/ossa/OSSA-2016-009.html | 2018-10-19 | |
https://access.redhat.com/security/cve/CVE-2015-8914 | 2016-07-20 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1345892 | 2016-07-20 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Openstack Search vendor "Openstack" | Neutron Search vendor "Openstack" for product "Neutron" | >= 7.0.0 < 7.0.4 Search vendor "Openstack" for product "Neutron" and version " >= 7.0.0 < 7.0.4" | - |
Affected
| ||||||
Openstack Search vendor "Openstack" | Neutron Search vendor "Openstack" for product "Neutron" | >= 8.0.0 <= 8.1.0 Search vendor "Openstack" for product "Neutron" and version " >= 8.0.0 <= 8.1.0" | - |
Affected
|