CVE-2021-40085

CWE-20 — Improper Input Validation8 documents7 sources

Severity

6.5MEDIUM

EPSS

0.4%

top 38.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Neutron Debian Debian Linux

Timeline

PublishedAug 31

Latest updateMay 10

Description

An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDopenstack/neutron17.0.0 — 17.2.1+2

▶PyPIneutron17.0.0 — 17.2.1+2

▶Debianneutron< 2:17.2.1-0+deb11u1+3

Also affects: Debian Linux 10.0, 11.0, 9.0

Patches

Patch: www.openwall.com ↗Patch: security.openstack.org ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

OSV

OpenStack Neutron vulnerable to authenticated attackers reconfiguring dnsmasq via crafted extra_dhcp_opts value↗2022-05-24

▶

GHSA

OpenStack Neutron vulnerable to authenticated attackers reconfiguring dnsmasq via crafted extra_dhcp_opts value↗2022-05-24

▶

CVEList

CVE-2021-40085: An issue was discovered in OpenStack Neutron before 16↗2021-08-31

▶

OSV

CVE-2021-40085: An issue was discovered in OpenStack Neutron before 16↗2021-08-31

▶

📋Vendor Advisories

Ubuntu

OpenStack Neutron vulnerabilities↗2023-05-10

▶

Red Hat

openstack-neutron: arbitrary dnsmasq reconfiguration via extra_dhcp_opts↗2021-08-31

▶

Debian

CVE-2021-40085: neutron - An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, ...↗2021

▶