CVE-2021-20267
HIGH
OpenStack Neutron < 16.3.3 - IPv6 Spoofing via Open vSwitch Firewall Rules
Title source: llm
Description
A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project. Versions before openstack-neutron 15.3.3, openstack-neutron 16.3.1 and openstack-neutron 17.1.1 are affected.
References (2)
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1934330
Patch, Vendor Advisory x_refsource_confirm
https://security.openstack.org/ossa/OSSA-2021-001.html
Scores
CVSS v3
7.1
EPSS
0.0013
EPSS Percentile
31.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Details
CWE
CWE-345
Status
published
Products (7)
openstack/neutron
18.0.0
openstack/neutron
< 16.3.3
pypi/neutron
16.0.0 - 16.3.1 (PyPI)
redhat/openstack_platform
10.0
redhat/openstack_platform
13.0
redhat/openstack_platform
16.1
redhat/openstack_platform
16.2
Published
May 28, 2021
Tracked Since
Feb 18, 2026