CVE-2019-9735

CWE-755 — Improper Exception Handling CWE-20 — Improper Input Validation11 documents8 sources

Severity

6.5MEDIUM

EPSS

1.9%

top 16.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Neutron Debian Debian Linux Redhat Openstack

Timeline

PublishedMar 13

Latest updateMay 13

Description

An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authenticated user may block further application of security group rules for instances from any project/tenant on the compute hosts to which it's applied. (Only deployments using the iptables security group dri…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDopenstack/neutron11.0.0 — 11.0.7+3

▶PyPIneutron11.0.0 — 11.0.7+3

▶Debianneutron< 2:13.0.2-13+3

▶NVDredhat/openstack10, 13, 14+2

Also affects: Debian Linux 9.0

Patches

Patch: launchpad.net ↗Patch: security.openstack.org ↗Patch: launchpad.net ↗

🔴Vulnerability Details

GHSA

OpenStack Neutron's unsupported dport option prevents applying security groups↗2022-05-13

▶

OSV

OpenStack Neutron's unsupported dport option prevents applying security groups↗2022-05-13

▶

CVEList

CVE-2019-9735: An issue was discovered in the iptables firewall module in OpenStack Neutron before 10↗2019-03-13

▶

OSV

CVE-2019-9735: An issue was discovered in the iptables firewall module in OpenStack Neutron before 10↗2019-03-13

▶

📋Vendor Advisories

Ubuntu

OpenStack Neutron vulnerability↗2019-06-25

▶

Red Hat

openstack-neutron: incorrect validation of port settings in iptables security group driver↗2019-03-03

▶

Debian

CVE-2019-9735: neutron - An issue was discovered in the iptables firewall module in OpenStack Neutron bef...↗2019

▶

💬Community

Bugzilla

CVE-2019-9735 openstack-neutron: incorrect validation of port settings in iptables security group driver [openstack-rdo]↗2019-03-20

▶

Bugzilla

CVE-2019-9735 openstack-neutron: incorrect validation of port settings in iptables security group driver↗2019-03-20

▶

Bugzilla

CVE-2019-9735 openstack-neutron: incorrect validation of port settings in iptables security group driver (OSSA-2019-001) [openstack-10]↗2019-03-19

▶