Lucene search

[email protected]CVE-2014-8153

HistoryJan 15, 2015 - 3:59 p.m.

CVE-2014-8153

2015-01-1515:59:08

CWE-20

[email protected]

web.nvd.nist.gov

openstack

neutron

cve-2014-8153

l3 agent

denial of service

nvd

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

High

0.04 Low

EPSS

Percentile

92.2%

JSON

The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each.

Affected configurations

NVD

Node

litechrouter_advertisement_daemonMatch2.0

Node

openstackneutronMatch2014.2

openstackneutronMatch2014.2.1

CPENameOperatorVersion
litech:router_advertisement_daemonlitech router advertisement daemoneq2.0

CPE	Name	Operator	Version
litech:router_advertisement_daemon	litech router advertisement daemon	eq	2.0

References

lists.openstack.org/pipermail/openstack-announce/2015-January/000320.html

www.securityfocus.com/bid/71961

bugs.launchpad.net/neutron/+bug/1398779

bugs.launchpad.net/neutron/+bug/1399172

bugzilla.redhat.com/show_bug.cgi?id=1169408

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

High

0.04 Low

EPSS

Percentile

92.2%

JSON

Related for CVE-2014-8153

debiancve1 ubuntucve1 cvelist1 prion1 nvd1