CVE-2014-4167
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
11/07/2014
Last modified:
12/04/2025
Description
The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.
Impact
Base Score 2.0
3.50
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:* | 2011.1 (including) | 2013.2.3 (including) |
| cpe:2.3:a:openstack:neutron:2014.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openstack:neutron:2014.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://seclists.org/oss-sec/2014/q2/572
- http://secunia.com/advisories/59533
- http://www.ubuntu.com/usn/USN-2255-1
- https://bugs.launchpad.net/neutron/+bug/1309195
- http://seclists.org/oss-sec/2014/q2/572
- http://secunia.com/advisories/59533
- http://www.ubuntu.com/usn/USN-2255-1
- https://bugs.launchpad.net/neutron/+bug/1309195