CVE-2019-9735

Aliases:GHSA-9773-3fqg-8w25PYSEC-2019-190

Advisory lineage Upstream: 0 Downstream: 9

Downstream

DEBIAN-CVE-2019-9735 DSA-4409-1 RHSA-2019:0879 RHSA-2019:0916 RHSA-2019:0935 SUSE-SU-2019:2219-1

Modified

Published: 13 Mar 2019, 02:00

Last modified:04 Aug 2024, 22:01

Vulnerability Summary

Overall Risk (default)

medium

36/100

CVSS Score

6.5 MEDIUM

v3.0 (nvd)

EPSS Score

1.89% LOW

2% probability -0.07%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

13 Mar 2019, 02:00

Published

Vulnerability first disclosed

04 Aug 2024, 22:01

Last Modified

Vulnerability information updated

Description

An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authenticated user may block further application of security group rules for instances from any project/tenant on the compute hosts to which it's applied. (Only deployments using the iptables security group driver are affected.)

CVSS Metrics

v4.0•HIGH•Score: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
v3.0•MEDIUM•Score: 6.5CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
v2.0•MEDIUM•Score: 4AV:N/AC:L/Au:S/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 1.89%• Percentile: 84%

Techniques & Countermeasures

CWE-755•Improper Handling of Exceptional Conditions
The product does not handle or incorrectly handles an exceptional condition.

Affected Systems

debian•debian_linux
9.0
openstack•neutron
< 10.0.8 | ≥ 11.0.0, < 11.0.7 | ≥ 12.0.0, < 12.0.6 | ≥ 13.0.0, < 13.0.3
PyPI•neutron
≥ 11.0.0, < 11.0.7 | ≥ 12.0.0, < 12.0.6 | ≥ 13.0.0, < 13.0.3 | < 10.0.8
redhat•openstack
10 | 13 | 14