CVE-2016-5363

CWE-25410 documents7 sources
Severity
8.2HIGH
EPSS
4.7%
top 10.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openstack Neutron
Timeline
PublishedJun 17
Latest updateMay 17

Description

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:HExploitability: 3.9 | Impact: 4.2

Affected Packages3 packages

NVDopenstack/neutron7 versions+6
PyPIneutron8.0.08.1.0+1
Debianneutron< 2:8.1.2-1+3

🔴Vulnerability Details

4
GHSA
OpenStack Neutron Intended MAC-spoofing protection mechanism bypass2022-05-17
OSV
OpenStack Neutron Intended MAC-spoofing protection mechanism bypass2022-05-17
OSV
CVE-2016-5363: The IPTables firewall in OpenStack Neutron before 72016-06-17
CVEList
CVE-2016-5363: The IPTables firewall in OpenStack Neutron before 72016-06-17

📋Vendor Advisories

2
Red Hat
openstack-neutron: MAC source address spoofing vulnerability2016-03-29
Debian
CVE-2016-5363: neutron - The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 ...2016

💬Community

3
Bugzilla
CVE-2015-8914 CVE-2016-5362 CVE-2016-5363 openstack-neutron: various flaws [openstack-rdo]2016-06-23
Bugzilla
CVE-2015-8914 CVE-2016-5362 CVE-2016-5363 openstack-neutron: various flaws [fedora-all]2016-06-23
Bugzilla
CVE-2016-5363 openstack-neutron: MAC source address spoofing vulnerability2016-06-13
CVE-2016-5363 (HIGH CVSS 8.2) | The IPTables firewall in OpenStack | cvebase.io