CVE-2021-38598 Information

Description

OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or, in some cases, possibly interception of traffic intended for other destinations.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Reference

https://launchpad.net/bugs/1938670

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

9.1

Base Severity

CRITICAL
