Lucene search

RedhatCVE-2017-7543

HistoryJul 26, 2018 - 2:29 p.m.

CVE-2017-7543

2018-07-2614:29:00

CWE-362

redhat

web.nvd.nist.gov

openstack

neutron

security vulnerability

race condition

cve-2017-7543

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.003

Percentile

70.3%

JSON

A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources.

Affected configurations

Nvd

Vulners

Node

openstackneutronRange7.0.0–7.2.0-12.1

openstackneutronRange8.0.0–8.3.0-11.1

openstackneutronRange9.0.0–9.3.1-2.1

openstackneutronRange10.0.0–10.0.2-1.1

Node

redhatopenstackMatch6.0

AND

redhatenterprise_linuxMatch7.0

Node

redhatopenstackMatch7.0

AND

redhatenterprise_linuxMatch7.0

Node

redhatopenstackMatch8

redhatopenstackMatch9

redhatopenstackMatch10

redhatopenstackMatch11

VendorProductVersionCPE
openstackneutron*cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*
redhatopenstack6.0cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*
redhatenterprise_linux7.0cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
redhatopenstack7.0cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*
redhatopenstack8cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*
redhatopenstack9cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*
redhatopenstack10cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
redhatopenstack11cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openstack	neutron	*	cpe:2.3:a:openstack:neutron::::::::
redhat	openstack	6.0	cpe:2.3:a:redhat:openstack:6.0:::::::*
redhat	enterprise_linux	7.0	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
redhat	openstack	7.0	cpe:2.3:a:redhat:openstack:7.0:::::::*
redhat	openstack	8	cpe:2.3:a:redhat:openstack:8:::::::*
redhat	openstack	9	cpe:2.3:a:redhat:openstack:9:::::::*
redhat	openstack	10	cpe:2.3:a:redhat:openstack:10:::::::*
redhat	openstack	11	cpe:2.3:a:redhat:openstack:11:::::::*

CNA Affected

[
  {
    "product": "openstack-neutron",
    "vendor": "Red Hat",
    "versions": [
      {
        "status": "affected",
        "version": "openstack-neutron-10.0.2-1.1"
      },
      {
        "status": "affected",
        "version": "openstack-neutron-8.3.0-11.1"
      },
      {
        "status": "affected",
        "version": "openstack-neutron-9.3.1-2.1"
      },
      {
        "status": "affected",
        "version": "openstack-neutron-7.2.0-12.1"
      }
    ]
  }
]