CVE-2014-0187

The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.

Published: Apr 28, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-0187
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
openstack / neutron	2014.1	2014.1.x
openstack / neutron	2013.2.2	2013.2.2.x
openstack / neutron	2013.1.1	2013.1.1.x
openstack / neutron	2013.1.3	2013.1.3.x
openstack / neutron	2013.2	2013.2.x
openstack / neutron	2013.1.4	2013.1.4.x
openstack / neutron	2013.1.5	2013.1.5.x
openstack / neutron	2013.1	2013.1.x
openstack / neutron	2013.2.3	2013.2.3.x
openstack / neutron	2013.1.2	2013.1.2.x
openstack / neutron	2013.2.1	2013.2.1.x
canonical / ubuntu_linux	13.04	13.04.x
canonical / ubuntu_linux	14.04	14.04.x
opensuse / opensuse	13.1	13.1.x

Vulnerability Database

289,599

CVE-2014-0187