The vulnerability of the iptables security group driver of the Neutron SDN-platform for OpenStack, related to incorrect handling of security group configurations, allows attackers to circumvent established security policy rules.

🗓️ 25 Apr 2019 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Neutron iptables security group driver vulnerability bypasses rules via improper config handling.

Reporter	Title	Published	Views	Family All 43
CNVD	OpenStack Neutron Security Feature Issue Vulnerability	20 Mar 201900:00	–	cnvd
CVE	CVE-2019-9735	13 Mar 201902:00	–	cve
Cvelist	CVE-2019-9735	13 Mar 201902:00	–	cvelist
Debian	[SECURITY] [DSA 4409-1] neutron security update	18 Mar 201922:15	–	debian
Debian CVE	CVE-2019-9735	13 Mar 201902:00	–	debiancve
Tenable Nessus	Debian DSA-4409-1 : neutron - security update	20 Mar 201900:00	–	nessus
Tenable Nessus	RHEL 7 : openstack-neutron (RHSA-2019:0879)	28 Apr 202400:00	–	nessus
Tenable Nessus	RHEL 7 : Red Hat Enterprise Linux OpenStack Platform (RHSA-2019:0916)	28 Apr 202400:00	–	nessus
Tenable Nessus	RHEL 7 : openstack-neutron (RHSA-2019:0935)	27 Apr 202400:00	–	nessus
Tenable Nessus	Ubuntu 16.04 LTS : OpenStack Neutron vulnerability (USN-4036-1)	26 Jun 201900:00	–	nessus

Source	Link
launchpad	www.launchpad.net/bugs/1818385
nvd	www.nvd.nist.gov/vuln/detail/CVE-2019-9735
security-tracker	www.security-tracker.debian.org/tracker/CVE-2019-9735
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS 24

CVSS 36.5

EPSS0.01892

neutron iptables security group driver vulnerability bypass rules configuration handling openstack