7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.
[
{
"product": "openvswitch",
"vendor": "n/a",
"defaultStatus": "affected"
},
{
"vendor": "Red Hat",
"product": "Fast Datapath for RHEL 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openvswitch",
"defaultStatus": "affected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
]
},
{
"vendor": "Red Hat",
"product": "Fast Datapath for RHEL 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openvswitch2.10",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
]
},
{
"vendor": "Red Hat",
"product": "Fast Datapath for RHEL 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openvswitch2.11",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
]
},
{
"vendor": "Red Hat",
"product": "Fast Datapath for RHEL 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openvswitch2.12",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
]
},
{
"vendor": "Red Hat",
"product": "Fast Datapath for RHEL 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openvswitch2.13",
"defaultStatus": "affected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
]
},
{
"vendor": "Red Hat",
"product": "Fast Datapath for RHEL 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openvswitch2.15",
"defaultStatus": "affected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
]
},
{
"vendor": "Red Hat",
"product": "Fast Datapath for RHEL 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openvswitch2.11",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
]
},
{
"vendor": "Red Hat",
"product": "Fast Datapath for RHEL 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openvswitch2.12",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
]
},
{
"vendor": "Red Hat",
"product": "Fast Datapath for RHEL 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openvswitch2.13",
"defaultStatus": "affected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
]
},
{
"vendor": "Red Hat",
"product": "Fast Datapath for RHEL 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openvswitch2.15",
"defaultStatus": "affected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
]
},
{
"vendor": "Red Hat",
"product": "Fast Datapath for RHEL 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openvswitch2.16",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
]
},
{
"vendor": "Red Hat",
"product": "Fast Datapath for RHEL 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openvswitch2.17",
"defaultStatus": "affected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
]
},
{
"vendor": "Red Hat",
"product": "Fast Datapath for RHEL 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openvswitch3.1",
"defaultStatus": "affected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
]
},
{
"vendor": "Red Hat",
"product": "Fast Datapath for RHEL 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openvswitch2.17",
"defaultStatus": "affected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
]
},
{
"vendor": "Red Hat",
"product": "Fast Datapath for RHEL 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openvswitch3.0",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
]
},
{
"vendor": "Red Hat",
"product": "Fast Datapath for RHEL 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openvswitch3.1",
"defaultStatus": "affected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openvswitch",
"defaultStatus": "affected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 3.11",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openvswitch-ovn-kubernetes",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:3.11"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openvswitch2.15",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openvswitch2.16",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openvswitch2.17",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openvswitch3.0",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openvswitch3.1",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 16.1",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhosp-openvswitch",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:openstack:16.1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 16.2",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhosp-openvswitch",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:openstack:16.2"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Virtualization 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openvswitch2.11",
"defaultStatus": "affected",
"cpes": [
"cpe:/:redhat:enterprise_linux:::hypervisor"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Virtualization 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "redhat-virtualization-host",
"defaultStatus": "affected",
"cpes": [
"cpe:/:redhat:enterprise_linux:::hypervisor"
]
},
{
"product": "Fedora",
"vendor": "Fedora",
"collectionURL": "https://packages.fedoraproject.org/",
"packageName": "openvswitch",
"defaultStatus": "affected"
}
]
www.openwall.com/lists/oss-security/2024/02/08/4
access.redhat.com/security/cve/CVE-2023-5366
bugzilla.redhat.com/show_bug.cgi?id=2006347
lists.debian.org/debian-lts-announce/2024/02/msg00004.html
lists.fedoraproject.org/archives/list/[email protected]/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/
lists.fedoraproject.org/archives/list/[email protected]/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%