Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2018-14636

Date: September 10, 2018

Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due to the Open vSwitch integration bridge being connected to the instance during migration. When connected to the integration bridge, all traffic for instances using the same Open vSwitch instance would potentially be visible to the migrated guest, as the required Open vSwitch VLAN filters are only applied post-migration. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3, 11.0.5 are vulnerable.

Language: Python

Severity Score

Related Resources (7)

https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2018-94.yaml
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14636
https://github.com/openstack/neutron
https://bugs.launchpad.net/neutron/+bug/1767422
https://nvd.nist.gov/vuln/detail/CVE-2018-14636
https://bugs.launchpad.net/neutron/+bug/1734320
https://www.mend.io/vulnerability-database/CVE-2018-14636

Severity Score

Weakness Type (CWE)

Improper Access Control

CWE-284

Insufficient Information

NVD-CWE-noinfo

Channel Accessible by Non-Endpoint

CWE-300

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): SINGLE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us