CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
38.4%
Live-migrated instances are briefly able to inspect traffic for other
instances on the same hypervisor. This brief window could be extended
indefinitely if the instance’s port is set administratively down prior to
live-migration and kept down after the migration is complete. This is
possible due to the Open vSwitch integration bridge being connected to the
instance during migration. When connected to the integration bridge, all
traffic for instances using the same Open vSwitch instance would
potentially be visible to the migrated guest, as the required Open vSwitch
VLAN filters are only applied post-migration. Versions of openstack-neutron
before 13.0.0.0b2, 12.0.3, 11.0.5 are vulnerable.
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
38.4%