1. CVE-Search
  2. CVE-2019-10876
ID CVE-2019-10876
Summary An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected.
References
Vulnerable Configurations
  • cpe:2.3:a:openstack:neutron:12.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:openstack:neutron:12.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:neutron:12.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:openstack:neutron:12.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:neutron:12.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:openstack:neutron:12.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:neutron:12.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:openstack:neutron:12.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:neutron:12.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:openstack:neutron:12.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:neutron:12.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:openstack:neutron:12.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:neutron:11.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:openstack:neutron:11.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:neutron:11.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:openstack:neutron:11.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:neutron:11.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:openstack:neutron:11.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:neutron:11.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:openstack:neutron:11.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:neutron:11.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:openstack:neutron:11.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:neutron:11.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:openstack:neutron:11.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:neutron:11.0.5-50:*:*:*:*:*:*:*
    cpe:2.3:a:openstack:neutron:11.0.5-50:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:neutron:11.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:openstack:neutron:11.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:neutron:13.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:openstack:neutron:13.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:neutron:13.0.0:b1:*:*:*:*:*:*
    cpe:2.3:a:openstack:neutron:13.0.0:b1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:neutron:13.0.0.0:b1:*:*:*:*:*:*
    cpe:2.3:a:openstack:neutron:13.0.0.0:b1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:neutron:13.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:openstack:neutron:13.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:neutron:13.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:openstack:neutron:13.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 04-08-2021 - 17:15)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
redhat via4
advisories
  • rhsa
    id RHSA-2019:0879
  • rhsa
    id RHSA-2019:0935
rpms
  • openstack-neutron-1:13.0.3-0.20190313155649.00b63be.el7ost
  • openstack-neutron-common-1:13.0.3-0.20190313155649.00b63be.el7ost
  • openstack-neutron-linuxbridge-1:13.0.3-0.20190313155649.00b63be.el7ost
  • openstack-neutron-macvtap-agent-1:13.0.3-0.20190313155649.00b63be.el7ost
  • openstack-neutron-metering-agent-1:13.0.3-0.20190313155649.00b63be.el7ost
  • openstack-neutron-ml2-1:13.0.3-0.20190313155649.00b63be.el7ost
  • openstack-neutron-openvswitch-1:13.0.3-0.20190313155649.00b63be.el7ost
  • openstack-neutron-rpc-server-1:13.0.3-0.20190313155649.00b63be.el7ost
  • openstack-neutron-sriov-nic-agent-1:13.0.3-0.20190313155649.00b63be.el7ost
  • python-neutron-1:13.0.3-0.20190313155649.00b63be.el7ost
  • openstack-neutron-1:12.0.5-11.el7ost
  • openstack-neutron-common-1:12.0.5-11.el7ost
  • openstack-neutron-linuxbridge-1:12.0.5-11.el7ost
  • openstack-neutron-macvtap-agent-1:12.0.5-11.el7ost
  • openstack-neutron-metering-agent-1:12.0.5-11.el7ost
  • openstack-neutron-ml2-1:12.0.5-11.el7ost
  • openstack-neutron-openvswitch-1:12.0.5-11.el7ost
  • openstack-neutron-rpc-server-1:12.0.5-11.el7ost
  • openstack-neutron-sriov-nic-agent-1:12.0.5-11.el7ost
  • python-neutron-1:12.0.5-11.el7ost
refmap via4
confirm https://security.openstack.org/ossa/OSSA-2019-002.html
misc
mlist [oss-security] 20190409 [OSSA-2019-002] neutron-openvswitch-agent: Unable to install new flows on compute nodes when having broken security group rules (CVE-2019-10876)
Last major update 04-08-2021 - 17:15
Published 05-04-2019 - 05:29
Last modified 04-08-2021 - 17:15
Back to Top