CVE-2017-5936
OpenStack Nova-LXD bypass security restrictions
CVSS 3.1: 7.5 (HIGH)
EPSS: 2.5%
Description
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.
How to fix CVE-2017-5936
To remediate CVE-2017-5936, upgrade the affected package to a fixed version below.
- PyPI/nova-lxd: upgrade to 13.1.1 or later
- —upgrade to 1b76cefb92081efa1e88cd8f330253f857028bd2 or later
Is CVE-2017-5936 being exploited?
Low — EPSS is 2.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 13.1.1
- from 0, < 1b76cefb92081efa1e88cd8f330253f857028bd2 | from 0, < 13.1.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |