Skip to main content

Neutron

24 CVEs product

Monthly

CVE-2026-50266 PyPI LOW PATCH Monitor

Incorrect RBAC policy in OpenStack Neutron before 28.0.1 allows an authenticated project manager to set device_owner on ports of shared networks they do not own to privileged network-service values (e.g., 'network:dhcp'), obtaining trusted network-service port behavior without owning the underlying network. Depending on backend and deployment configuration, this enables DHCP, MAC, or IP spoofing against co-tenants sharing that network, effectively bypassing anti-spoofing and security group protections. This is a confirmed regression of CVE-2015-5240 (OSSA-2015-018); no public exploit or active exploitation (CISA KEV) has been identified at time of analysis.

Authentication Bypass Neutron
NVD VulDB
CVSS 3.1
2.2
EPSS
0.0%
CVE-2021-40797 PyPI MEDIUM POC PATCH This Month

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Neutron
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-40085 PyPI MEDIUM POC PATCH This Month

An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Neutron Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2021-38598 PyPI CRITICAL POC PATCH Act Now

OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Neutron
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2021-20267 PyPI HIGH PATCH This Week

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Neutron Openstack Platform
NVD
CVSS 3.1
7.1
EPSS
1.0%
CVE-2019-10876 PyPI MEDIUM PATCH This Month

An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Neutron Openstack
NVD
CVSS 3.0
6.5
EPSS
1.8%
CVE-2019-9735 PyPI MEDIUM POC PATCH This Month

An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Neutron Openstack Debian Linux
NVD
CVSS 3.0
6.5
EPSS
3.6%
CVE-2018-14636 PyPI MEDIUM PATCH This Month

Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Neutron
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-14635 PyPI MEDIUM PATCH This Month

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Openstack Neutron
NVD
CVSS 3.0
6.5
EPSS
2.5%
CVE-2016-5363 PyPI HIGH PATCH This Week

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Neutron
NVD
CVSS 3.0
8.2
EPSS
4.7%
CVE-2016-5362 PyPI HIGH PATCH This Week

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Neutron
NVD
CVSS 3.0
8.2
EPSS
6.3%
CVE-2015-8914 PyPI CRITICAL POC PATCH Act Now

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Neutron
NVD
CVSS 3.0
9.1
EPSS
6.7%
CVE-2015-5240 PyPI LOW PATCH Monitor

Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Race Condition Authentication Bypass Neutron
NVD VulDB
CVSS 2.0
3.5
EPSS
0.1%
CVE-2015-3221 PyPI MEDIUM POC PATCH THREAT This Month

OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.6%.

Denial Of Service Neutron
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
12.6%
CVE-2014-8153 MEDIUM This Month

The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Router Advertisement Daemon Neutron
NVD
CVSS 2.0
4.0
EPSS
0.7%
CVE-2014-7821 MEDIUM PATCH This Month

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Neutron Fedora Openstack
NVD
CVSS 2.0
4.0
EPSS
1.9%
CVE-2014-3632 HIGH This Week

The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6,. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Privilege Escalation Neutron
NVD
CVSS 2.0
7.6
EPSS
1.2%
CVE-2014-6414 MEDIUM PATCH This Month

OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Neutron Ubuntu Linux
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2014-4615 MEDIUM This Month

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openstack Ubuntu Linux Neutron Oslo +2
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-3555 MEDIUM This Month

OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Neutron
NVD
CVSS 2.0
4.0
EPSS
0.9%
CVE-2014-4167 LOW Monitor

The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Privilege Escalation Neutron Ubuntu Linux
NVD
CVSS 2.0
3.5
EPSS
0.6%
CVE-2013-6433 HIGH This Week

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Privilege Escalation Neutron Ubuntu Linux
NVD
CVSS 2.0
7.6
EPSS
1.6%
CVE-2014-0056 PyPI LOW PATCH Monitor

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Neutron Ubuntu Linux
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2014-0187 CRITICAL Act Now

The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Neutron Ubuntu Linux Opensuse
NVD VulDB
CVSS 2.0
9.0
EPSS
0.5%
EPSS 0% CVSS 2.2
LOW PATCH Monitor

Incorrect RBAC policy in OpenStack Neutron before 28.0.1 allows an authenticated project manager to set device_owner on ports of shared networks they do not own to privileged network-service values (e.g., 'network:dhcp'), obtaining trusted network-service port behavior without owning the underlying network. Depending on backend and deployment configuration, this enables DHCP, MAC, or IP spoofing against co-tenants sharing that network, effectively bypassing anti-spoofing and security group protections. This is a confirmed regression of CVE-2015-5240 (OSSA-2015-018); no public exploit or active exploitation (CISA KEV) has been identified at time of analysis.

Authentication Bypass Neutron
NVD VulDB
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Neutron
NVD
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Neutron Debian Linux
NVD
EPSS 1% CVSS 9.1
CRITICAL POC PATCH Act Now

OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Neutron
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Neutron Openstack Platform
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Neutron Openstack
NVD
EPSS 4% CVSS 6.5
MEDIUM POC PATCH This Month

An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Neutron Openstack +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Neutron
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Openstack Neutron
NVD
EPSS 5% CVSS 8.2
HIGH PATCH This Week

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Neutron
NVD
EPSS 6% CVSS 8.2
HIGH PATCH This Week

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Neutron
NVD
EPSS 7% CVSS 9.1
CRITICAL POC PATCH Act Now

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Neutron
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Race Condition Authentication Bypass Neutron
NVD VulDB
EPSS 13% CVSS 4.0
MEDIUM POC PATCH THREAT This Month

OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.6%.

Denial Of Service Neutron
NVD Exploit-DB
EPSS 1% CVSS 4.0
MEDIUM This Month

The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Router Advertisement Daemon Neutron
NVD
EPSS 2% CVSS 4.0
MEDIUM PATCH This Month

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Neutron Fedora +1
NVD
EPSS 1% CVSS 7.6
HIGH This Week

The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6,. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Privilege Escalation Neutron
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Neutron Ubuntu Linux
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openstack Ubuntu Linux +4
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Neutron
NVD
EPSS 1% CVSS 3.5
LOW Monitor

The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Privilege Escalation Neutron +1
NVD
EPSS 2% CVSS 7.6
HIGH This Week

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Privilege Escalation Neutron +1
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Neutron Ubuntu Linux
NVD
EPSS 0% CVSS 9.0
CRITICAL Act Now

The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Neutron Ubuntu Linux +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy