3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:N/I:N/A:P
By creating an IPv6 private subnet attached to a L3 router, an authenticated user may break the L3-agent, preventing further floating IPv4 addresses from being attached for the entire cloud.
CVE ID: CVE-2014-4167
**Description:**The OpenStack Neutron L3-agent is vulnerable to a denial of service attack. A malicious user may break the L3-agent, preventing further floating IPv4 addresses from being attached for the entire cloud. Only Neutron setups using IPv6 and L3-agent are affected.
CVSS Base Score: 4.0
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/93854> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Cloud Manager with OpenStack 4.1.0
Product
| VRMF| APAR| Remediation/First Fix| Required Action
—|—|—|—|—
Cloud Manager with OpenStack| 4.1.0| None| Cloud Manager with OpenStack 4.1.0.3 Fix Pack:
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Cloud+Manager+with+Openstack&release=4.1.0.2&platform=All&function=fixId&fixids=+4.1.0.3-IBM-CMWO-FP03+&includeSupersedes=0| Cloud Manager with OpenStack 4.1.0.3 Fix Pack:
http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400001884
Only IBM Cloud Manager with Openstack configurations using Neutron for networking and using IPv6 and the L3-agent are affected.
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud manager with openstack | eq | 4.1.0 |