CVE-2015-5240 Detail
Current Description
Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group rules are applied.
Source:
MITRE
Description Last Modified:
06/20/2016
View Analysis Description
Analysis Description
Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group rules are applied.
Source:
MITRE
Description Last Modified:
10/27/2015
Impact
CVSS v2.0 Severity and Metrics:
Base Score:
3.5 LOW
Vector:
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
(V2 legend)
Impact Subscore:
2.9
Exploitability Subscore:
6.8
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (AU):
Single
Confidentiality (C):
None
Integrity (I):
Partial
Availability (A):
None
Additional Information:
Allows unauthorized modification
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because
they may have information that would be of interest to you. No inferences should be drawn on account of other sites
being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose.
NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further,
NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about
this page to nvd@nist.gov.
Change History
4 change records found
- show changes
CVE Translated -
6/21/2016 1:45:01 AM
| Action |
Type |
Old Value |
New Value |
| Added |
Translation |
|
Condición de carrera en OpenStack Neutron en versiones anteriores 2014.2.4 and 2015.1 en versiones anteriores 2015.1.2, cuando se utiliza el plugin ML2 o los grupos de seguridad de API AMQP, permite a usuarios remotos autenticados eludir controles IP anti-spoofing cambiando el propietario del dispositivo de un puerto para empezar con la red: antes de que las reglas de seguridad de grupo sean aplicadas. |
| Removed |
Translation |
Condición de carrera en OpenStack Neutron en versiones anteriores a 2014.2.4 y 2015.1 en versiones anteriores a 2015.1.2, cuando utiliza el plugin ML2 o los grupos de seguridad de la API AMQP, permite a usuarios autenticados eludir los controles anti falsificación de IP cambiando el propietario de un puerto del dispositivo para comenzar con red: antes de que las reglas del grupo de seguridad se apliquen. |
|
CVE Modified by Source -
6/20/2016 9:59:05 PM
| Action |
Type |
Old Value |
New Value |
| Changed |
Description |
Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group rules are applied. |
Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group rules are applied. |
Modified Analysis -
10/28/2015 5:00:09 PM
| Action |
Type |
Old Value |
New Value |
| Added |
CPE Configuration |
|
Configuration 1
OR
*cpe:2.3:a:openstack:neutron:2014.2.3:*:*:*:*:*:*:*
*cpe:2.3:a:openstack:neutron:2015.1.0:*:*:*:*:*:*:*
*cpe:2.3:a:openstack:neutron:2015.1.1:*:*:*:*:*:*:* |
| Added |
CVSS V2 |
|
(AV:N/AC:M/Au:S/C:N/I:P/A:N) |
| Added |
CWE |
|
CWE-362 |
| Changed |
Reference Type |
https://security.openstack.org/ossa/OSSA-2015-018.html No Types Assigned |
https://security.openstack.org/ossa/OSSA-2015-018.html Advisory |
Initial CVE Analysis -
10/28/2015 10:44:20 AM
Quick Info
CVE Dictionary Entry:
CVE-2015-5240
NVD Published Date:
10/27/2015
NVD Last Modified:
06/24/2016
|