CVE-2014-0187

Description

The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.

How to fix CVE-2014-0187

To remediate CVE-2014-0187, upgrade the affected package to a fixed version below.

• Debian/neutron—upgrade to 2014.1.2-1 or later

Is CVE-2014-0187 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2014.1.2-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-0187