Vulnerability Details CVE-2017-5936
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.029
EPSS Ranking 85.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www.openwall.com/lists/oss-security/2017/02/09/3
- http://www.securityfocus.com/bid/96182
- http://www.ubuntu.com/usn/USN-3195-1
- https://bugs.launchpad.net/nova-lxd/+bug/1656847
- https://github.com/openstack/nova-lxd/commit/1b76cefb92081efa1e88cd8f330253f857028bd2
- http://www.openwall.com/lists/oss-security/2017/02/09/3
- http://www.securityfocus.com/bid/96182
- http://www.ubuntu.com/usn/USN-3195-1
- https://bugs.launchpad.net/nova-lxd/+bug/1656847
- https://github.com/openstack/nova-lxd/commit/1b76cefb92081efa1e88cd8f330253f857028bd2
Products affected by CVE-2017-5936
-
cpe:2.3:a:openstack:nova-lxd:13.1.0
-
cpe:2.3:o:canonical:ubuntu_linux:16.04