CVE-2018-14635
MEDIUM
OpenStack Neutron <13.0.0.0b2, <12.0.3, <11.0.5 - DoS
Title source: llm
Description
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable.
References (7)
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2710
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2715
Third Party Advisory x_refsource_confirm
https://bugs.launchpad.net/neutron/+bug/1757482
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2721
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14635
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3792
Patch, Vendor Advisory x_refsource_confirm
https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d
Scores
CVSS v3
6.5
EPSS
0.0031
EPSS Percentile
53.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (6)
openstack/neutron
13.0.0.0 b1
openstack/neutron
11.0.0 - 11.0.5
pypi/neutron
13.0.0.0b1 - 13.0.0.0b2 (PyPI)
redhat/openstack
10
redhat/openstack
12
redhat/openstack
13
Published
Sep 10, 2018
Tracked Since
Feb 18, 2026