CVE-2021-38598

CRITICAL

OpenStack Neutron <16.4.1-18.0.0 - DoS

Title source: llm

Description

OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations.

References (1)

[Exploit, Issue Tracking, Third Party Advisory] https://launchpad.net/bugs/1938670

Scores

CVSS v3 9.1

EPSS 0.0004

EPSS Percentile 10.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Classification

CWE

CWE-290

Status published

Affected Products (3)

openstack/neutron < 16.4.1

openstack/neutron

pypi/neutron < 16.4.1PyPI

Timeline

Published Aug 23, 2021

Tracked Since Feb 18, 2026