CVE-2021-38598
published 2021-08-23CVE-2021-38598: OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on…
PriorityP352critical9.1CVSS 3.1
AVNACLPRNUINSUCNIHAH
EPSS
1.21%
64.6th percentile
OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | neutron | < neutron 2:18.1.0-2 (bookworm) | neutron 2:18.1.0-2 (bookworm) |
| openstack | neutron | < 16.4.1 | 16.4.1 |
| openstack | neutron | — | — |
| openstack | neutron | >= 0 < 2:17.2.1-0+deb11u1 | 2:17.2.1-0+deb11u1 |
| openstack | neutron | >= 0 < 2:18.1.0-2 | 2:18.1.0-2 |
| openstack | neutron | >= 0 < 2:18.1.0-2 | 2:18.1.0-2 |
| openstack | neutron | >= 0 < 2:18.1.0-2 | 2:18.1.0-2 |
| openstack | neutron | >= 0 < 16.4.1 | 16.4.1 |
| openstack | neutron | >= 0 < 2:12.1.1-0ubuntu8.1 | 2:12.1.1-0ubuntu8.1 |
| openstack | neutron | >= 0 < 2:16.4.2-0ubuntu6.2 | 2:16.4.2-0ubuntu6.2 |
| openstack | neutron | >= 0 < 2:20.3.0-0ubuntu1.1 | 2:20.3.0-0ubuntu1.1 |
| openstack | neutron | >= 17.0.0 < 17.1.3 | 17.1.3 |
| openstack | neutron | >= 17.0.0 < 17.1.3 | 17.1.3 |
CVSS provenance
nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
nvdv2.05.8MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:P
osv9.1CRITICAL
vendor_debian9.1CRITICAL
vendor_redhat9.1CRITICAL
vendor_ubuntu7.1HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
neutron vulnerabilities
osv·2023-05-10·CVSS 7.1
CVE-2021-20267 [HIGH] neutron vulnerabilities
neutron vulnerabilities
David Sinquin discovered that OpenStack Neutron incorrectly handled the
default Open vSwitch firewall rules. An attacker could possibly use this
issue to impersonate the IPv6 addresses of other systems on the network.
This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
(CVE-2021-20267)
Jake Yip and Justin Mammarella discovered that OpenStack Neutron
incorrectly handled the linuxbridge driver when ebtables-nft is being
used. An attacker could possibly use this issue to impersonate the hardware
addresss of other systems on the network. This issue only affected Ubuntu
18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-38598)
Pavel Toporkov discovered that OpenStack Neutron incorrectly handled
extra_dhcp_opts values. An attacker could possibly use this issue to
OSV
OpenStack Neutron vulnerable to hardware address impersonation
osv·2022-05-24
CVE-2021-38598 [HIGH] OpenStack Neutron vulnerable to hardware address impersonation
OpenStack Neutron vulnerable to hardware address impersonation
OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations.
GHSA
OpenStack Neutron vulnerable to hardware address impersonation
ghsa·2022-05-24
CVE-2021-38598 [HIGH] CWE-863 OpenStack Neutron vulnerable to hardware address impersonation
OpenStack Neutron vulnerable to hardware address impersonation
OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations.
OSV
CVE-2021-38598: OpenStack Neutron before 16
osv·2021-08-23·CVSS 9.1
CVE-2021-38598 [CRITICAL] CVE-2021-38598: OpenStack Neutron before 16
OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations.
Ubuntu
OpenStack Neutron vulnerabilities
vendor_ubuntu·2023-05-10·CVSS 7.1
CVE-2021-20267 [HIGH] OpenStack Neutron vulnerabilities
Title: OpenStack Neutron vulnerabilities
Summary: Several security issues were fixed in OpenStack Neutron.
David Sinquin discovered that OpenStack Neutron incorrectly handled the
default Open vSwitch firewall rules. An attacker could possibly use this
issue to impersonate the IPv6 addresses of other systems on the network.
This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
(CVE-2021-20267)
Jake Yip and Justin Mammarella discovered that OpenStack Neutron
incorrectly handled the linuxbridge driver when ebtables-nft is being
used. An attacker could possibly use this issue to impersonate the hardware
addresss of other systems on the network. This issue only affected Ubuntu
18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-38598)
Pavel Toporkov discovered that OpenStack Neutron incor
Red Hat
openstack-neutron: Linuxbridge ARP filter bypass on Netfilter platforms
vendor_redhat·2021-08-10·CVSS 9.1
CVE-2021-38598 [CRITICAL] CWE-290 openstack-neutron: Linuxbridge ARP filter bypass on Netfilter platforms
openstack-neutron: Linuxbridge ARP filter bypass on Netfilter platforms
OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations.
A vulnerability was found in neutron's Linux bridge driver on newer Netfilter-based platforms. This flaw allows a malicious user in control of a server instance connected to the virtual switch to send a crafted packet and impersonate hardware a
Debian
CVE-2021-38598: neutron - OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware ...
vendor_debian·2021·CVSS 9.1
CVE-2021-38598 [CRITICAL] CVE-2021-38598: neutron - OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware ...
OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations.
Scope: local
bookworm: resolved (fixed in 2:18.1.0-2)
bullseye: resolved (fixed in 2:17.2.1-0+deb11u1)
forky: resolved (fixed in 2:18.1.0-2)
sid: resolved (fixed in 2:18.1.0-2)
trixie: resolved (fixed in 2:18.1.0-2)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-08-23
Published