CVE-2021-40085
published 2021-08-31

Priority: P3 (36) | medium | 6.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:H / A:N
EPSS: 1.89% (77.0th percentile)

An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.

Affected

17 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | neutron | < neutron 2:18.1.0-3 (bookworm) | neutron 2:18.1.0-3 (bookworm) |
| openstack | neutron | < 16.4.1 | 16.4.1 |
| openstack | neutron | >= 0 < 2:17.2.1-0+deb11u1 | 2:17.2.1-0+deb11u1 |
| openstack | neutron | >= 0 < 2:18.1.0-3 | 2:18.1.0-3 |
| openstack | neutron | >= 0 < 2:18.1.0-3 | 2:18.1.0-3 |
| openstack | neutron | >= 0 < 2:18.1.0-3 | 2:18.1.0-3 |
| openstack | neutron | >= 0 < 16.4.1 | 16.4.1 |
| openstack | neutron | >= 0 < 2:12.1.1-0ubuntu8.1 | 2:12.1.1-0ubuntu8.1 |
| openstack | neutron | >= 0 < 2:16.4.2-0ubuntu6.2 | 2:16.4.2-0ubuntu6.2 |
| openstack | neutron | >= 0 < 2:20.3.0-0ubuntu1.1 | 2:20.3.0-0ubuntu1.1 |
| openstack | neutron | >= 17.0.0 < 17.2.1 | 17.2.1 |
| openstack | neutron | >= 17.0.0 < 17.2.1 | 17.2.1 |
| openstack | neutron | >= 18.0.0 < 18.1.1 | 18.1.1 |
| openstack | neutron | >= 18.0.0 < 18.1.1 | 18.1.1 |

CVSS provenance

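| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
| osv | | 7.1 | HIGH | |
| vendor_ubuntu | | 7.1 | HIGH | |
| vendor_debian | | 6.5 | MEDIUM | |
| vendor_redhat | | 6.5 | MEDIUM | |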