CVE-2014-0071 — Redhat Openstack vulnerability

CWE-2647 documents7 sources

Severity

6.4MEDIUMNVD

EPSS

0.1%

top 68.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Neutron Redhat Openstack

Timeline

PublishedApr 17

Latest updateMay 17

Description

PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages2 packages

▶Debianopenstack/neutron< 2014.1-1+3

▶NVDredhat/openstack4.0

🔴Vulnerability Details

GHSA

GHSA-c9wp-3wwr-qvrc: PackStack in Red Hat OpenStack 4↗2022-05-17

▶

CVEList

CVE-2014-0071: PackStack in Red Hat OpenStack 4↗2014-04-17

▶

OSV

CVE-2014-0071: PackStack in Red Hat OpenStack 4↗2014-04-17

▶

📋Vendor Advisories

Debian

CVE-2014-0071: neutron - PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups ...↗2014

▶

Red Hat

PackStack: Neutron Security Groups fail to block network traffic↗2013-12-17

▶

💬Community

Bugzilla

CVE-2014-0071 OpenStack PackStack: Neutron Security Groups fail to block network traffic↗2014-02-12

▶