CVE-2015-8914

moderate-risk
Published 2016-06-17

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address.

Do I need to act?

~
6.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.1/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Neutron

Affected Vendors

Openstack

References (18)

Mailing List http://www.openwall.com/lists/oss-security/2016/06/10/5
Mailing List http://www.openwall.com/lists/oss-security/2016/06/10/6
Third Party Advisory https://access.redhat.com/errata/RHSA-2016:1473
Third Party Advisory https://access.redhat.com/errata/RHSA-2016:1474
Exploit https://bugs.launchpad.net/neutron/+bug/1502933
Third Party Advisory https://review.openstack.org/#/c/300233/
Third Party Advisory https://review.openstack.org/#/c/310648/
Third Party Advisory https://review.openstack.org/#/c/310652/
Vendor Advisory https://security.openstack.org/ossa/OSSA-2016-009.html
Mailing List http://www.openwall.com/lists/oss-security/2016/06/10/5
Mailing List http://www.openwall.com/lists/oss-security/2016/06/10/6
Third Party Advisory https://access.redhat.com/errata/RHSA-2016:1473
Third Party Advisory https://access.redhat.com/errata/RHSA-2016:1474
Exploit https://bugs.launchpad.net/neutron/+bug/1502933
Third Party Advisory https://review.openstack.org/#/c/300233/
Third Party Advisory https://review.openstack.org/#/c/310648/
Third Party Advisory https://review.openstack.org/#/c/310652/
Vendor Advisory https://security.openstack.org/ossa/OSSA-2016-009.html
45
/ 100
moderate-risk
Severity 31/34 · Critical
Exploitability 9/34 · Low
Exposure 5/34 · Minimal