Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2015-5240

Date: October 27, 2015

Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group rules are applied.

Language: Python

Severity Score

Related Resources (13)

https://github.com/openstack/neutron/commit/bbca973986fdc99eae9d1b2545e8246c0b2be2e2
https://security.openstack.org/ossa/OSSA-2015-018.html
http://www.openwall.com/lists/oss-security/2015/09/08/9
https://github.com/openstack/neutron/commit/fdc3431ccd219accf6a795079d9b67b8656eed8e
https://access.redhat.com/errata/RHSA-2015:1909
https://github.com/openstack/neutron
https://bugzilla.redhat.com/show_bug.cgi?id=1258458
http://rhn.redhat.com/errata/RHSA-2015-1909.html
https://bugs.launchpad.net/neutron/+bug/1489111
https://github.com/openstack/neutron/commit/767cea23de44a963c6793ffe30ea5c6827d27a38
https://nvd.nist.gov/vuln/detail/CVE-2015-5240
https://access.redhat.com/security/cve/CVE-2015-5240
https://www.mend.io/vulnerability-database/CVE-2015-5240

Severity Score

Weakness Type (CWE)

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-362

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): SINGLE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us