Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-3221

CWE-20 — Improper Input Validation CWE-24810 documents8 sources

Severity

4.0MEDIUM

EPSS

12.6%

top 6.04%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Openstack Neutron

Timeline

PublishedAug 26

Latest updateMay 14

Description

OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages3 packages

▶NVDopenstack/neutron2014.2 — 2014.2.4+1

▶PyPIneutron2015.1.0 — 2015.1.1+1

▶Debianneutron< 2015.1.0+2015.06.24.git61.bdf194a0e1-1+3

🔴Vulnerability Details

OSV

OpenStack Neutron Improper Input Validation vulnerability↗2022-05-14

▶

GHSA

OpenStack Neutron Improper Input Validation vulnerability↗2022-05-14

▶

OSV

CVE-2015-3221: OpenStack Neutron before 2014↗2015-08-26

▶

CVEList

CVE-2015-3221: OpenStack Neutron before 2014↗2015-08-26

▶

💥Exploits & PoCs

Exploit-DB

GeniXCMS 0.0.3 - Cross-Site Scripting↗2015-06-24

▶

📋Vendor Advisories

Red Hat

openstack-neutron: L2 agent DoS through incorrect allowed address pairs↗2015-06-23

▶

Debian

CVE-2015-3221: neutron - OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), wh...↗2015

▶

💬Community

Bugzilla

CVE-2015-3221 openstack-neutron: L2 agent DoS through incorrect allowed address pairs [fedora-all]↗2015-07-06

▶

Bugzilla

CVE-2015-3221 openstack-neutron: L2 agent DoS through incorrect allowed address pairs↗2015-06-16

▶