CVE-2017-7543

2018-07-2614:29:00

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

70.3%

JSON

A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources.

OSVersionArchitecturePackageVersionFilename
Debian12allneutron< 2:21.0.0-7neutron_2:21.0.0-7_all.deb
Debian11allneutron< 2:17.2.1-0+deb11u1neutron_2:17.2.1-0+deb11u1_all.deb
Debian999allneutron< 2:25.0.0~rc2-1neutron_2:25.0.0~rc2-1_all.deb
Debian13allneutron< 2:25.0.0~rc1-2neutron_2:25.0.0~rc1-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	neutron	< 2:21.0.0-7	neutron_2:21.0.0-7_all.deb
Debian	11	all	neutron	< 2:17.2.1-0+deb11u1	neutron_2:17.2.1-0+deb11u1_all.deb
Debian	999	all	neutron	< 2:25.0.0~rc2-1	neutron_2:25.0.0~rc2-1_all.deb
Debian	13	all	neutron	< 2:25.0.0~rc1-2	neutron_2:25.0.0~rc1-2_all.deb