CVE-2017-7543: OpenStack Neutron Race Condition vulnerability

CVSS Score: 5.9 (CVSS 3.0)

Basic Information

EPSS Score: 0.62333%
Published: 5/13/2022
Updated: 2/8/2023
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| neutron | pip | < 7.2.0-12.1 | 7.2.0-12.1 |
| neutron | pip | >= 8.0.0, < 8.3.0-11.1 | 8.3.0-11.1 |
| neutron | pip | >= 9.0.0, < 9.3.1-2.1 | 9.3.1-2.1 |
| neutron | pip | >= 10.0.0, < 10.0.2-1.1 | 10.0.2-1.1 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from a race condition in which the sysctl settings for `bridge-nf-call-iptables` were reset during updates. The patch adds an `ExecStartPre` directive to `neutron-ovs-cleanup.service` so that these settings are reapplied. The absence of this step in vulnerable versions indicates that the execution of the neutron-ovs-cleanup script (or lack thereof) is directly tied to the vulnerability. This script would appear in runtime profiles during service initialization.
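A host-side check for the condition described above, as an added example that is not part of the Neutron patch or of this page's original content: it reads `net.bridge.bridge-nf-call-iptables` and fails when the value is 0 or the key is missing. The function names and the `PROC_ROOT` argument are assumptions made for illustration, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not from the Neutron patch): audit the bridge netfilter
# sysctl that the analysis says was reset during updates.

# check_bridge_nf KEY [PROC_ROOT]
# PROC_ROOT is a hypothetical override so the check can run on a constructed tree.
# Returns 0 = enabled, 1 = disabled (value 0), 2 = key missing, 3 = unexpected value.
check_bridge_nf() {
    nf_path="${2:-/proc/sys}/net/bridge/$1"
    if [ ! -r "$nf_path" ]; then
        # No such key: the bridge netfilter module is not loaded on this host.
        echo "MISSING  net.bridge.$1"
        return 2
    fi
    nf_val=$(tr -d '[:space:]' < "$nf_path")
    case "$nf_val" in
        1) echo "OK       net.bridge.$1 = 1"; return 0 ;;
        0) echo "DISABLED net.bridge.$1 = 0 (bridged traffic skips iptables)"; return 1 ;;
        *) echo "UNKNOWN  net.bridge.$1 = '$nf_val'"; return 3 ;;
    esac
}

# audit_bridge_nf PROC_ROOT KEY...
# Checks every KEY and returns the highest status code seen, so a single
# disabled or missing key fails the whole audit.
audit_bridge_nf() {
    audit_root=$1; shift
    audit_worst=0
    for audit_key in "$@"; do
        audit_rc=0
        check_bridge_nf "$audit_key" "$audit_root" || audit_rc=$?
        if [ "$audit_rc" -gt "$audit_worst" ]; then audit_worst=$audit_rc; fi
    done
    return "$audit_worst"
}

# Constructed sample: a fake /proc/sys tree holding the post-update state (value 0).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/net/bridge"
echo 0 > "$demo_root/net/bridge/bridge-nf-call-iptables"
audit_bridge_nf "$demo_root" bridge-nf-call-iptables || echo "audit status: $?"
rm -rf "$demo_root"
```

On a compute node, run `audit_bridge_nf /proc/sys bridge-nf-call-iptables` after each update and alert on any non-zero status.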

WAF Protection Rules

WAF Rule

A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the
