CVE-2021-40085

An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
openstackneutron
𝑥
< 16.4.1
openstackneutron
17.0.0 ≤
𝑥
< 17.2.1
openstackneutron
18.0.0 ≤
𝑥
< 18.1.1
debiandebian_linux
9.0
debiandebian_linux
10.0
debiandebian_linux
11.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
neutron
bullseye (security)
2:17.2.1-0+deb11u1
fixed
bullseye
2:17.2.1-0+deb11u1
fixed
bookworm
2:21.0.0-7
fixed
sid
2:25.0.0-1
fixed
trixie
2:25.0.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
neutron
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
not-affected
hirsute
ignored
focal
Fixed 2:16.4.2-0ubuntu6.2
released
bionic
Fixed 2:12.1.1-0ubuntu8.1
released
xenial
needs-triage
trusty
dne
References
http://www.openwall.com/lists/oss-security/2021/08/31/2
https://launchpad.net/bugs/1939733
https://lists.debian.org/debian-lts-announce/2021/10/msg00005.html
https://lists.debian.org/debian-lts-announce/2022/05/msg00038.html
https://security.openstack.org/ossa/OSSA-2021-005.html
https://www.debian.org/security/2021/dsa-4983
http://www.openwall.com/lists/oss-security/2021/08/31/2
https://launchpad.net/bugs/1939733
https://lists.debian.org/debian-lts-announce/2021/10/msg00005.html
https://lists.debian.org/debian-lts-announce/2022/05/msg00038.html
https://security.openstack.org/ossa/OSSA-2021-005.html
https://www.debian.org/security/2021/dsa-4983