cbcvebase.
CVE-2014-0187
published 2014-04-28

CVE-2014-0187: The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group…

PriorityP341critical9CVSS 2.0
AVNACLAuSCCICAC
EPSS
2.92%
85.3th percentile
The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.

Affected

20 ranges
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
debianneutron< neutron 2014.1.2-1 (bookworm)neutron 2014.1.2-1 (bookworm)
openstackneutron
openstackneutron
openstackneutron
openstackneutron
openstackneutron
openstackneutron
openstackneutron
openstackneutron
openstackneutron
openstackneutron
openstackneutron
openstackneutron>= 0 < 2014.1.2-12014.1.2-1
openstackneutron>= 0 < 2014.1.2-12014.1.2-1
openstackneutron>= 0 < 2014.1.2-12014.1.2-1
openstackneutron>= 0 < 2014.1.2-12014.1.2-1
openstackneutron>= 0 < 1:2014.1-0ubuntu1.31:2014.1-0ubuntu1.3
opensuseopensuse

CVSS provenance

nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
osv9.0CRITICAL
vendor_debian9.0CRITICAL
vendor_redhat9.0CRITICAL
vendor_ubuntu7.6HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.