CVE-2014-8153

CWE-20 — Improper Input Validation7 documents7 sources

Severity

4.0MEDIUM

EPSS

0.7%

top 27.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Litech Router Advertisement Daemon Openstack Neutron

Timeline

PublishedJan 15

Latest updateMay 17

Description

The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages3 packages

▶NVDopenstack/neutron2014.2, 2014.2.1+1

▶Ubuntuneutron< 1:2014.1.3-0ubuntu1.1

▶NVDlitech/router_advertisement_daemon2.0

🔴Vulnerability Details

GHSA

GHSA-rqg5-f3m3-r3xh: The L3 agent in OpenStack Neutron 2014↗2022-05-17

▶

OSV

CVE-2014-8153: The L3 agent in OpenStack Neutron 2014↗2015-01-15

▶

CVEList

CVE-2014-8153: The L3 agent in OpenStack Neutron 2014↗2015-01-15

▶

📋Vendor Advisories

Red Hat

openstack-neutron: L3 agent denial of service with radvd 2.0+ (OSSA 2015-001)↗2015-01-08

▶

Debian

CVE-2014-8153: neutron - The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0...↗2014

▶

💬Community

Bugzilla

CVE-2014-8153 openstack-neutron: L3 agent denial of service with radvd 2.0+ (OSSA 2015-001)↗2015-01-09

▶