Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2021-20267

Good to know:

icon
icon

Date: May 28, 2021

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project. Versions before openstack-neutron 15.3.3, openstack-neutron 16.3.1 and openstack-neutron 17.1.1 are affected.

Language: Python

Severity Score

Related Resources (8)

https://people.canonical.com/~ubuntu-security/cve/CVE-2021-20267
https://bugs.launchpad.net/neutron/+bug/1902917
https://security-tracker.debian.org/tracker/CVE-2021-20267
https://bugzilla.redhat.com/show_bug.cgi?id=1934330
https://github.com/openstack/neutron/commit/4b5bcff64c4725b37f094dfd2613ec58f723d304
https://nvd.nist.gov/vuln/detail/CVE-2021-20267
https://security.openstack.org/ossa/OSSA-2021-001.html
https://www.mend.io/vulnerability-database/CVE-2021-20267

Severity Score

Weakness Type (CWE)

Insufficient Verification of Data Authenticity

CWE-345

Top Fix

icon

Upgrade Version

Upgrade to version 15.3.3,16.3.1,17.1.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): SINGLE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us