CVE-2021-40085
Description
An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.412
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-38598,CVE-2021-40085,CVE-2021-40797 are fixed in Python-neutron 16.4.1 | Windows |
| Vulnerabilities CVE-2021-40085,CVE-2021-40797 are fixed in Python-neutron 17.2.1 | Windows |
| Vulnerabilities CVE-2021-40085,CVE-2021-40797 are fixed in Python-neutron 18.1.1 | Windows |
| OpenStack Virtual Network Service (USN-6067-1) python-neutron_12.1.1-0ubuntu8.1_all.deb | Linux |
| OpenStack Virtual Network Service (USN-6067-1) python3-neutron_16.4.2-0ubuntu6.2_all.deb | Linux |
| OpenStack Virtual Network Service (USN-6067-1) python3-neutron_20.3.0-0ubuntu1.1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-sriov-agent_17.2.1-0+deb11u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-sriov-agent_13.0.7+git.2021.09.27.bace3d1890-0+deb10u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-server_17.2.1-0+deb11u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-server_13.0.7+git.2021.09.27.bace3d1890-0+deb10u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-rpc-server_17.2.1-0+deb11u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-rpc-server_13.0.7+git.2021.09.27.bace3d1890-0+deb10u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-plugin-nec-agent_17.2.1-0+deb11u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-plugin-nec-agent_13.0.7+git.2021.09.27.bace3d1890-0+deb10u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-ovn-metadata-agent_17.2.1-0+deb11u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-openvswitch-agent_17.2.1-0+deb11u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-openvswitch-agent_13.0.7+git.2021.09.27.bace3d1890-0+deb10u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-metering-agent_17.2.1-0+deb11u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-metering-agent_13.0.7+git.2021.09.27.bace3d1890-0+deb10u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-metadata-agent_17.2.1-0+deb11u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-metadata-agent_13.0.7+git.2021.09.27.bace3d1890-0+deb10u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-macvtap-agent_17.2.1-0+deb11u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-macvtap-agent_13.0.7+git.2021.09.27.bace3d1890-0+deb10u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-linuxbridge-agent_17.2.1-0+deb11u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-linuxbridge-agent_13.0.7+git.2021.09.27.bace3d1890-0+deb10u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-l3-agent_17.2.1-0+deb11u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-l3-agent_13.0.7+git.2021.09.27.bace3d1890-0+deb10u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-doc_17.2.1-0+deb11u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-dhcp-agent_17.2.1-0+deb11u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-dhcp-agent_13.0.7+git.2021.09.27.bace3d1890-0+deb10u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-common_17.2.1-0+deb11u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-common_13.0.7+git.2021.09.27.bace3d1890-0+deb10u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-api_17.2.1-0+deb11u1_all.deb | Linux |
| neutron security update(DSA-4983-1) neutron-api_13.0.7+git.2021.09.27.bace3d1890-0+deb10u1_all.deb | Linux |
| neutron security update(DSA-4983-1) python3-neutron_17.2.1-0+deb11u1_all.deb | Linux |
| neutron security update(DSA-4983-1) python3-neutron_13.0.7+git.2021.09.27.bace3d1890-0+deb10u1_all.deb | Linux |
| Vulnerabilities CVE-2021-38598,CVE-2021-40085,CVE-2021-40797 are fixed in Python-neutron for linux 16.4.1 | Linux |
| Vulnerabilities CVE-2021-40085,CVE-2021-40797 are fixed in Python-neutron for linux 17.2.1 | Linux |
| Vulnerabilities CVE-2021-40085,CVE-2021-40797 are fixed in Python-neutron for linux 18.1.1 | Linux |
| CVE-2021-40085 | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234