CVE-2014-0056

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:S/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
openstackneutron
2012.2
openstackneutron
2012.2.1
openstackneutron
2012.2.2
openstackneutron
2012.2.3
openstackneutron
2012.2.4
openstackneutron
2013.1
openstackneutron
2013.1.1
openstackneutron
2013.1.2
openstackneutron
2013.1.3
openstackneutron
2013.1.4
openstackneutron
2013.1.5
openstackneutron
2013.2
openstackneutron
2013.2.1
openstackneutron
2013.2.2
canonicalubuntu_linux
13.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
neutron
bullseye (security)
2:17.2.1-0+deb11u1
fixed
bullseye
2:17.2.1-0+deb11u1
fixed
bookworm
2:21.0.0-7
fixed
sid
2:25.0.0-1
fixed
trixie
2:25.0.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
neutron
trusty
dne
saucy
Fixed 1:2013.2.3-0ubuntu1.1
released
quantal
dne
precise
dne
lucid
dne
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2014-0516.html
http://www.openwall.com/lists/oss-security/2014/03/27/5
http://www.ubuntu.com/usn/USN-2194-1
https://bugs.launchpad.net/neutron/+bug/1243327
http://rhn.redhat.com/errata/RHSA-2014-0516.html
http://www.openwall.com/lists/oss-security/2014/03/27/5
http://www.ubuntu.com/usn/USN-2194-1
https://bugs.launchpad.net/neutron/+bug/1243327