CVE-2017-7543

CWE-362 — Race Condition8 documents7 sources

Severity

5.9MEDIUM

EPSS

0.5%

top 36.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Neutron RED HAT Openstack-neutron Redhat Openstack

Timeline

PublishedJul 26

Latest updateMay 13

Description

A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages4 packages

▶NVDopenstack/neutron7.0.0 — 7.2.0-12.1+3

▶CVEListV5red_hat/openstack-neutron4 versions+3

▶PyPIneutron8.0.0 — 8.3.0-11.1+3

▶NVDredhat/openstack6 versions+5

🔴Vulnerability Details

OSV

OpenStack Neutron Race Condition vulnerability↗2022-05-13

▶

GHSA

OpenStack Neutron Race Condition vulnerability↗2022-05-13

▶

CVEList

CVE-2017-7543: A race-condition flaw was discovered in openstack-neutron before 7↗2018-07-26

▶

📋Vendor Advisories

Red Hat

openstack-neutron: iptables not active after update↗2017-08-08

▶

Debian

CVE-2017-7543: neutron - A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x...↗2017

▶

💬Community

Bugzilla

CVE-2017-7543 openstack-neutron: iptables not active after update↗2017-07-21

▶

Bugzilla

CVE-2016-7543 bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution↗2016-09-27

▶