
CVE-2014-3555: OpenStack Neutron allows remote authenticated users to cause a denial of service

CVSS Score: 4

Basic Information

EPSS Score: 0.76271%
CWE: -
Published: 5/17/2022
Updated: 4/14/2023
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| neutron | pip | < 2013.2.4 | 2013.2.4 |
| neutron | pip | >= 2014.1.0, < 2014.1.2 | 2014.1.2 |

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from missing quota checks when processing allowed address pairs. The patches add validation in _validate_allowed_address_pairs and its callers. These functions would appear in profilers when handling malicious API requests creating numerous address pairs. The database mixin function is included as it's the entry point that would show up in stack traces during mass rule creation attempts.
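
An added sketch (not Neutron's code and not taken from the patch) of the kind of quota check the analysis says was missing: the list length is capped before any per-pair work is done. The function name, exception class and the limit of 10 are assumptions made for illustration.

```python
import ipaddress
import re

# Hypothetical cap (assumption); a real service would read it from config.
MAX_ALLOWED_ADDRESS_PAIRS = 10
_MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$", re.IGNORECASE)


class AddressPairError(ValueError):
    """Raised when an allowed_address_pairs value is rejected."""


def validate_allowed_address_pairs(pairs, limit=MAX_ALLOWED_ADDRESS_PAIRS):
    """Return the normalised pair list, or raise AddressPairError.

    The length check runs first, so an oversized request is refused
    before any per-pair parsing or rule generation is paid for.
    """
    if not isinstance(pairs, list):
        raise AddressPairError("allowed_address_pairs must be a list")
    if len(pairs) > limit:
        raise AddressPairError(
            f"{len(pairs)} address pairs exceeds the limit of {limit}")

    seen, normalised = set(), []
    for pair in pairs:
        ip = pair.get("ip_address") if isinstance(pair, dict) else None
        if not isinstance(ip, str):
            raise AddressPairError("each pair needs a string ip_address")
        try:
            net = ipaddress.ip_network(ip, strict=False)
        except ValueError as exc:
            raise AddressPairError(f"bad ip_address: {exc}") from None
        mac = pair.get("mac_address")
        if mac is not None and not (isinstance(mac, str) and _MAC_RE.match(mac)):
            raise AddressPairError(f"bad mac_address: {mac!r}")
        key = (mac.lower() if mac else None, str(net))
        if key in seen:  # the same pair written two ways counts once
            raise AddressPairError(f"duplicate address pair: {key}")
        seen.add(key)
        normalised.append({"mac_address": key[0], "ip_address": key[1]})
    return normalised


# Constructed sample requests: one ordinary, one oversized.
ORDINARY = [{"ip_address": "10.0.0.5", "mac_address": "FA:16:3E:00:00:01"}]
OVERSIZED = [{"ip_address": f"10.1.{i // 256}.{i % 256}"} for i in range(5000)]
```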
