Vulnerability CVE-2014-3555

Vulnerability Name:

CVE-2014-3555 (CCN-94750)

Assigned:

2014-07-01

Published:

2014-07-01

Updated:

2023-02-13

Summary:

OpenStack Neutron is vulnerable to a denial of service, caused by an error when handling allowed address pairs. By flooding the system with address pairs, a remote authenticated attacker could exploit this vulnerability to cause the compute nodes to crash.

CVSS v3 Severity:

3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2014-3555

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: IBM Security Bulletin 1021824
IBM Cloud Manager with OpenStack Neutron Vulnerabilities (CVE-2014-3555)

Source: CCN
Type: IBM Security Bulletin 1021825
IBM SmartCloud Entry Neutron Vulnerabilities (CVE-2014-3555)

Source: CCN
Type: BID-68765
OpenStack Neutron CVE-2014-3555 Denial of Service Vulnerability

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: OSSA 2014-025
There is no quota for allowed address pair (CVE-2014-3555)

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: XF
Type: UNKNOWN
neutron-cve20143555-dos(94750)

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:openstack:neutron:2014.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20143555	V	CVE-2014-3555	2022-05-22
oval:org.opensuse.security:def:55239	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:5085	P	Security update for webkit2gtk3 (Important)	2021-08-03
oval:org.opensuse.security:def:5072	P	Security update for arpwatch (Important)	2021-06-28
oval:org.opensuse.security:def:55922	P	Security update for libgcrypt (Important)	2021-06-24
oval:org.opensuse.security:def:5745	P	Security update for jetty-minimal (Important)	2021-06-17
oval:org.opensuse.security:def:5063	P	Security update for webkit2gtk3 (Important)	2021-06-17
oval:org.opensuse.security:def:5054	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:5723	P	Security update for snakeyaml (Important)	2021-06-07
oval:org.opensuse.security:def:5021	P	Security update for openldap2 (Moderate)	2021-01-14
oval:org.opensuse.security:def:11253	P	openstack-neutron-2014.2.2.dev26-3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4902	P	Security update for virt-bootstrap (Moderate)	2020-12-02
oval:org.opensuse.security:def:4996	P	Security update for php7 (Important)	2020-12-02
oval:org.opensuse.security:def:4794	P	Security update for nginx (Moderate)	2020-12-02
oval:org.opensuse.security:def:4887	P	Security update for xen (Important)	2020-12-02
oval:org.opensuse.security:def:4921	P	Security update for skopeo (Moderate)	2020-12-02
oval:org.opensuse.security:def:4772	P	Security update for openssh (Important)	2020-12-02
oval:org.opensuse.security:def:4840	P	Security update for squid (Moderate)	2020-12-02
oval:org.opensuse.security:def:4764	P	Security update for ovmf (Moderate)	2020-12-02
oval:org.opensuse.security:def:56315	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:55099	P	emacs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56481	P	Security update for libwpd (Important)	2020-12-01
oval:org.opensuse.security:def:55477	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:55076	P	coolkey on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56600	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:55756	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:56207	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:55077	P	coreutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56407	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:56519	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:55650	P	Security update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.mitre.oval:def:26106	P	USN-2321-1 -- neutron vulnerabilities	2014-10-27
oval:com.ubuntu.trusty:def:20143555000	V	CVE-2014-3555 on Ubuntu 14.04 LTS (trusty) - medium.	2014-07-23

BACK