CVE-2019-10876 Information

Description

An issue was discovered in OpenStack Neutron 11.x before 11.0.7 12.x before 12.0.6 and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

http://www.openwall.com/lists/oss-security/2019/04/09/2 https://access.redhat.com/errata/RHSA-2019:0879 https://access.redhat.com/errata/RHSA-2019:0935 https://bugs.launchpad.net/ossa/+bug/1813007 https://review.openstack.org//q/topic:bug/1813007 https://security.openstack.org/ossa/OSSA-2019-002.html

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5