fkie_cve-2023-3153
Vulnerability from fkie_nvd
Published
2023-10-04 12:15
Modified
2024-11-21 08:16
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ovn | open_virtual_network | * | |
| ovn | open_virtual_network | * | |
| ovn | open_virtual_network | * | |
| ovn | open_virtual_network | * | |
| ovn | open_virtual_network | * | |
| redhat | openshift_container_platform | 4.0 | |
| redhat | fast_datapath | - | |
| redhat | enterprise_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CA7DFF4-C739-4EE8-AC5D-6EC06E387309",
"versionEndExcluding": "22.03.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66B2BA9A-04F3-4E63-B367-E7AE5AD04FB1",
"versionEndExcluding": "22.09.2",
"versionStartIncluding": "22.03.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*",
"matchCriteriaId": "393B5A8F-01A6-48E3-9D04-E9F5EDDCA555",
"versionEndExcluding": "22.12.1",
"versionStartIncluding": "22.09.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20978238-A456-4B17-B7AD-DC006C6B16A2",
"versionEndExcluding": "23.03.1",
"versionStartIncluding": "22.12.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AF4A0C-4E74-4721-96E0-E5A400B9AF58",
"versionEndExcluding": "23.06.1",
"versionStartIncluding": "23.03.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:fast_datapath:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A63D05D-BFAF-484B-BA49-5F5E399CDA02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en Open Virtual Network donde el monitor de servicio MAC no califica correctamente el l\u00edmite. Este problema podr\u00eda permitir que un atacante provoque una denegaci\u00f3n de servicio, incluso en implementaciones con CoPP habilitado y configurado correctamente."
}
],
"id": "CVE-2023-3153",
"lastModified": "2024-11-21T08:16:34.670",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-04T12:15:10.503",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3153"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213279"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/ovn-org/ovn/issues/198"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mitigation",
"Patch"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213279"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/ovn-org/ovn/issues/198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…