CVE-2016-5362

CWE-254 CWE-92310 documents7 sources

Severity

8.2HIGH

EPSS

6.3%

top 9.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Neutron

Timeline

PublishedJun 17

Latest updateMay 14

Description

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:HExploitability: 3.9 | Impact: 4.2

Affected Packages3 packages

▶NVDopenstack/neutron7.0.0 — 7.0.4+1

▶PyPIneutron8.0.0 — 8.1.1+1

▶Debianneutron< 2:8.1.2-1+3

🔴Vulnerability Details

OSV

OpenStack Neutron allows remote attackers to bypass an intended DHCP-spoofing protection mechanism↗2022-05-14

▶

GHSA

OpenStack Neutron allows remote attackers to bypass an intended DHCP-spoofing protection mechanism↗2022-05-14

▶

OSV

CVE-2016-5362: The IPTables firewall in OpenStack Neutron before 7↗2016-06-17

▶

CVEList

CVE-2016-5362: The IPTables firewall in OpenStack Neutron before 7↗2016-06-17

▶

📋Vendor Advisories

Red Hat

openstack-neutron: DHCP spoofing vulnerability↗2016-03-29

▶

Debian

CVE-2016-5362: neutron - The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 ...↗2016

▶

💬Community

Bugzilla

CVE-2015-8914 CVE-2016-5362 CVE-2016-5363 openstack-neutron: various flaws [openstack-rdo]↗2016-06-23

▶

Bugzilla

CVE-2015-8914 CVE-2016-5362 CVE-2016-5363 openstack-neutron: various flaws [fedora-all]↗2016-06-23

▶

Bugzilla

CVE-2016-5362 openstack-neutron: DHCP spoofing vulnerability↗2016-06-13

▶