CVE-2014-4167

CWE-2648 documents8 sources

Severity

3.5LOW

EPSS

0.6%

top 31.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Neutron Canonical Ubuntu Linux

Timeline

PublishedJul 11

Latest updateMay 14

Description

The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 6.8 | Impact: 2.9

Affected Packages2 packages

▶NVDopenstack/neutron2011.1 — 2013.2.3+2

▶Debianneutron< 2014.1.1-1+3

Also affects: Ubuntu Linux 13.10, 14.04

🔴Vulnerability Details

GHSA

GHSA-r7cp-gqhf-qm59: The L3-agent in OpenStack Neutron before 2013↗2022-05-14

▶

CVEList

CVE-2014-4167: The L3-agent in OpenStack Neutron before 2013↗2014-07-11

▶

OSV

CVE-2014-4167: The L3-agent in OpenStack Neutron before 2013↗2014-07-11

▶

📋Vendor Advisories

Ubuntu

OpenStack Neutron vulnerabilities↗2014-06-25

▶

Red Hat

openstack-neutron: L3-agent denial of service through IPv6 subnet↗2014-04-17

▶

Debian

CVE-2014-4167: neutron - The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and J...↗2014

▶

💬Community

Bugzilla

CVE-2014-4167 openstack-neutron: L3-agent denial of service through IPv6 subnet↗2014-06-17

▶