fkie_nvd - fkie_cve-2014-0187

fkie_cve-2014-0187

Vulnerability from fkie_nvd

Published

2014-04-28 14:09

Modified

2025-04-12 10:46

Severity ?

Summary

The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.

References

URL	Tags
secalert@redhat.com	http://lists.opensuse.org/opensuse-updates/2014-08/msg00035.html
secalert@redhat.com	http://secunia.com/advisories/59533
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2014/04/22/8
secalert@redhat.com	http://www.ubuntu.com/usn/USN-2255-1
secalert@redhat.com	https://bugs.launchpad.net/neutron/+bug/1300785	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2014-08/msg00035.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59533
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2014/04/22/8
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2255-1
af854a3a-2127-422b-91ae-364da2661108	https://bugs.launchpad.net/neutron/+bug/1300785	Vendor Advisory

Impacted products

Vendor	Product	Version
openstack	neutron	2013.1
openstack	neutron	2013.1.1
openstack	neutron	2013.1.2
openstack	neutron	2013.1.3
openstack	neutron	2013.1.4
openstack	neutron	2013.1.5
openstack	neutron	2013.2
openstack	neutron	2013.2.1
openstack	neutron	2013.2.2
openstack	neutron	2013.2.3
openstack	neutron	2014.1
canonical	ubuntu_linux	13.04
canonical	ubuntu_linux	14.04
opensuse	opensuse	13.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openstack:neutron:2013.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "22D37364-1253-495F-A3E0-CA4CEFBF2587",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:neutron:2013.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49D7F58E-536B-4E57-B02E-AB2A39AA4EAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:neutron:2013.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "81C24D0C-8F7B-48D3-825C-AC3ACD87F461",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:neutron:2013.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0774CBBB-8DF6-468F-AFD9-0C0FE314FF10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:neutron:2013.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CCC7C3A-8E5B-447B-B339-1328C6DDDF9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:neutron:2013.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AE37F27-FCDA-413C-8A3C-B3ED56BB7A37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:neutron:2013.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5EFDBB0-BCCD-42C4-ADFB-1C92BD5E9537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:neutron:2013.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6772F036-DD92-40C4-AAAA-227BD41162FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:neutron:2013.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B90A2150-AAC4-468E-ABF6-59071E02D911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:neutron:2013.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B77F147E-3FD8-40C9-9BB0-C7F27EC1E59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:neutron:2014.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EC034B0-18F8-4227-8EB3-F7109D2F8FC1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied."
    },
    {
      "lang": "es",
      "value": "El proceso openvswitch-agent en OpenStack Neutron 2013.1 anterior a 2013.2.4 y 2014.1 anterior a 2014.1.1 permite a usuarios remotos autenticados evadir restricciones de seguridad de grupo a trav\u00e9s de un CIDR invalido en una regla de seguridad de grupo, lo que previene que se aplican m\u00e1s reglas."
    }
  ],
  "id": "CVE-2014-0187",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-28T14:09:06.237",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00035.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59533"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2014/04/22/8"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2255-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/neutron/+bug/1300785"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00035.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/04/22/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2255-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/neutron/+bug/1300785"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2014-0187 (GCVE-0-2014-0187)

Vulnerability from cvelistv5

Published

2014-04-28 14:00