CVE-2021-20267

{"id": "CVE-2021-20267", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 2.8}]}, "published": "2021-05-28T19:15:07.483", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934330", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security.openstack.org/ossa/OSSA-2021-001.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-345"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project. Versions before openstack-neutron 15.3.3, openstack-neutron 16.3.1 and openstack-neutron 17.1.1 are affected."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en las reglas de firewall predeterminadas de Open vSwitch de openstack-neutron. Mediante el env\u00edo de paquetes cuidadosamente dise\u00f1ados, cualquier persona que tenga el control de una instancia de servidor conectada al switch virtual puede hacerse pasar por las direcciones IPv6 de otros sistemas en la red, resultando en una denegaci\u00f3n de servicio o, en algunos casos, posiblemente en la interceptaci\u00f3n del tr\u00e1fico destinado a otros destinos. Solo est\u00e1n afectadas las implementaciones que usan el controlador Open vSwitch. Fuente: OpenStack project. Las versiones anteriores a openstack-neutron 15.3.3, openstack-neutron versi\u00f3n 16.3.1 y openstack-neutron versi\u00f3n 17.1.1 est\u00e1n afectadas"}], "lastModified": "2022-10-07T03:00:31.947", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF1BE411-041B-4D1D-9588-762163E52C5C", "versionEndExcluding": "16.3.3"}, {"criteria": "cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AB8E7F9-5593-4EC1-BCD4-B5A7061274DD", "versionEndExcluding": "17.1.3", "versionStartIncluding": "17.0.0"}, {"criteria": "cpe:2.3:a:openstack:neutron:18.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0D3CE94-058D-41F4-B7F9-463375904E1D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack_platform:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "542B31BD-5767-4B33-9201-40548D1223B3"}, {"criteria": "cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C52600BF-9E87-4CD2-91F3-685AFE478C1E"}, {"criteria": "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCC81071-B46D-4F5D-AC25-B4A4CCC20C73"}, {"criteria": "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}