Vulnerability Details CVE-2017-5936
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.025
EPSS Ranking 84.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www.openwall.com/lists/oss-security/2017/02/09/3
- http://www.securityfocus.com/bid/96182
- http://www.ubuntu.com/usn/USN-3195-1
- https://bugs.launchpad.net/nova-lxd/+bug/1656847
- https://github.com/openstack/nova-lxd/commit/1b76cefb92081efa1e88cd8f330253f857028bd2
- http://www.openwall.com/lists/oss-security/2017/02/09/3
- http://www.securityfocus.com/bid/96182
- http://www.ubuntu.com/usn/USN-3195-1
- https://bugs.launchpad.net/nova-lxd/+bug/1656847
- https://github.com/openstack/nova-lxd/commit/1b76cefb92081efa1e88cd8f330253f857028bd2
Products affected by CVE-2017-5936
-
cpe:2.3:a:openstack:nova-lxd:13.1.0
-
cpe:2.3:o:canonical:ubuntu_linux:16.04