CVE-2016-5362

moderate-risk
Published 2016-06-17

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message.

Do I need to act?

~
6.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.2/10 High
NETWORK / LOW complexity

Affected Products (1)

Neutron

Affected Vendors

Openstack

References (18)

Mailing List http://www.openwall.com/lists/oss-security/2016/06/10/5
Mailing List http://www.openwall.com/lists/oss-security/2016/06/10/6
Third Party Advisory https://access.redhat.com/errata/RHSA-2016:1473
Third Party Advisory https://access.redhat.com/errata/RHSA-2016:1474
Third Party Advisory https://bugs.launchpad.net/neutron/+bug/1558658
Vendor Advisory https://review.openstack.org/#/c/300202/
Vendor Advisory https://review.openstack.org/#/c/303563/
Third Party Advisory https://review.openstack.org/#/c/303572/
Vendor Advisory https://security.openstack.org/ossa/OSSA-2016-009.html
Mailing List http://www.openwall.com/lists/oss-security/2016/06/10/5
Mailing List http://www.openwall.com/lists/oss-security/2016/06/10/6
Third Party Advisory https://access.redhat.com/errata/RHSA-2016:1473
Third Party Advisory https://access.redhat.com/errata/RHSA-2016:1474
Third Party Advisory https://bugs.launchpad.net/neutron/+bug/1558658
Vendor Advisory https://review.openstack.org/#/c/300202/
Vendor Advisory https://review.openstack.org/#/c/303563/
Third Party Advisory https://review.openstack.org/#/c/303572/
Vendor Advisory https://security.openstack.org/ossa/OSSA-2016-009.html
42
/ 100
moderate-risk
Severity 28/34 · Critical
Exploitability 9/34 · Low
Exposure 5/34 · Minimal