{"containers": {"cna": {"affected": [{"product": "openstack-neutron", "vendor": "n/a", "versions": [{"status": "affected", "version": "openstack-neutron 15.3.3, openstack-neutron 16.3.1, openstack-neutron 17.1.1"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project. Versions before openstack-neutron 15.3.3, openstack-neutron 16.3.1 and openstack-neutron 17.1.1 are affected."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-345", "description": "CWE-345", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-07-12T20:06:10", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934330"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.openstack.org/ossa/OSSA-2021-001.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-20267", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "openstack-neutron", "version": {"version_data": [{"version_value": "openstack-neutron 15.3.3, openstack-neutron 16.3.1, openstack-neutron 17.1.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project. Versions before openstack-neutron 15.3.3, openstack-neutron 16.3.1 and openstack-neutron 17.1.1 are affected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-345"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1934330", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934330"}, {"name": "https://security.openstack.org/ossa/OSSA-2021-001.html", "refsource": "CONFIRM", "url": "https://security.openstack.org/ossa/OSSA-2021-001.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:37:23.213Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934330"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.openstack.org/ossa/OSSA-2021-001.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-20267", "datePublished": "2021-05-28T18:46:11", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:37:23.213Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF1BE411-041B-4D1D-9588-762163E52C5C", "versionEndExcluding": "16.3.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AB8E7F9-5593-4EC1-BCD4-B5A7061274DD", "versionEndExcluding": "17.1.3", "versionStartIncluding": "17.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:neutron:18.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F0D3CE94-058D-41F4-B7F9-463375904E1D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack_platform:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "542B31BD-5767-4B33-9201-40548D1223B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "C52600BF-9E87-4CD2-91F3-685AFE478C1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*", "matchCriteriaId": "DCC81071-B46D-4F5D-AC25-B4A4CCC20C73", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*", "matchCriteriaId": "4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project. Versions before openstack-neutron 15.3.3, openstack-neutron 16.3.1 and openstack-neutron 17.1.1 are affected."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en las reglas de firewall predeterminadas de Open vSwitch de openstack-neutron. Mediante el env\u00edo de paquetes cuidadosamente dise\u00f1ados, cualquier persona que tenga el control de una instancia de servidor conectada al switch virtual puede hacerse pasar por las direcciones IPv6 de otros sistemas en la red, resultando en una denegaci\u00f3n de servicio o, en algunos casos, posiblemente en la interceptaci\u00f3n del tr\u00e1fico destinado a otros destinos. Solo est\u00e1n afectadas las implementaciones que usan el controlador Open vSwitch. Fuente: OpenStack project. Las versiones anteriores a openstack-neutron 15.3.3, openstack-neutron versi\u00f3n 16.3.1 y openstack-neutron versi\u00f3n 17.1.1 est\u00e1n afectadas"}], "id": "CVE-2021-20267", "lastModified": "2024-11-21T05:46:14.713", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-28T19:15:07.483", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934330"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://security.openstack.org/ossa/OSSA-2021-001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934330"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://security.openstack.org/ossa/OSSA-2021-001.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"bugzilla": {"description": "openstack-neutron: Anti-spoofing bypass using Open vSwitch", "id": "1934330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934330"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "status": "draft"}, "cwe": "CWE-345", "details": ["A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project. Versions before openstack-neutron 15.3.3, openstack-neutron 16.3.1 and openstack-neutron 17.1.1 are affected.", "A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch firewall driver are affected. Source: OpenStack project"], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2021-20267", "package_state": [{"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Out of support scope", "package_name": "openstack-neutron", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "package_name": "openstack-neutron", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:16.1", "fix_state": "Fix deferred", "package_name": "openstack-neutron", "product_name": "Red Hat OpenStack Platform 16.1"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Affected", "package_name": "openstack-neutron", "product_name": "Red Hat OpenStack Platform 16.2"}], "public_date": "2020-11-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-20267\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20267"], "threat_severity": "Moderate"}