4

CVSS Score

Basic Information

CVE ID

CVE-2014-3555

GHSA ID

GHSA-4pmp-38hf-rmwj

EPSS Score

0.76271%

CWE

Published

5/17/2022

Updated

4/14/2023

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2014-3555

CVE-2014-3555: OpenStack Neutron allows remote authenticated users to cause a denial of service

OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs.

(GitHub Advisory)

4

CVSS Score

Basic Information

CVE ID

CVE-2014-3555

GHSA ID

GHSA-4pmp-38hf-rmwj

EPSS Score

0.76271%

CWE

Published

5/17/2022

Updated

4/14/2023

KEV Status

Technology

Python

Technical Details

CVSS Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
neutron	pip	< 2013.2.4	2013.2.4
neutron	pip	>= 2014.1.0, < 2014.1.2	2014.1.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from missing quota checks when processing allowed address pairs. The patches add validation in _validate_allowed_address_pairs and its callers. These functions would appear in profilers when handling malicious API requests creating numerous address pairs. The database mixin function is included as it's the entry point that would show up in stack traces during mass rule creation attempts.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Op*nSt**k N*utron ***or* ****.*.*, ****.x ***or* ****.*.*, *n* Juno ***or* Juno-* *llows r*mot* *ut**nti**t** us*rs to **us* * **ni*l o* s*rvi** (*r*s* or lon* *ir*w*ll rul* up**t*s) *y *r**tin* * l*r** num**r o* *llow** ***r*ss p*irs.

Reasoning

T** vuln*r**ility st*ms *rom missin* quot* ****ks w**n pro**ssin* *llow** ***r*ss p*irs. T** p*t***s *** v*li**tion in _v*li**t*_*llow**_***r*ss_p*irs *n* its **ll*rs. T**s* *un*tions woul* *pp**r in pro*il*rs w**n **n*lin* m*li*ious *PI r*qu*sts *r*

4

Basic Information

Concerned about an active attack path?

CVE-2014-3555: OpenStack Neutron allows remote authenticated users to cause a denial of service

4

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI