Back to CVE Browser

CVE-2014-0187

CRITICAL

9.0

CVSS Severity Score

EPSS Score0.0350%

EPSS Percentile21.65th

PublishedApr 28, 2014

Last ModifiedMay 6, 2026

Vulnerability Description

The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.

Affected Platforms (CPE)

📦

Openstack

Neutron

= 2013.1

📦

Openstack

Neutron

= 2013.1.1

📦

Openstack

Neutron

= 2013.1.2

📦

Openstack

Neutron

= 2013.1.3

📦

Openstack

Neutron

= 2013.1.4

📦

Openstack

Neutron

= 2013.1.5

📦

Openstack

Neutron

= 2013.2

📦

Openstack

Neutron

= 2013.2.1

📦

Openstack

Neutron

= 2013.2.2

📦

Openstack

Neutron

= 2013.2.3

📦

Openstack

Neutron

= 2014.1

💻

Canonical

Ubuntu Linux

= 13.04

💻

Canonical

Ubuntu Linux

= 14.04

💻

Opensuse

Opensuse

= 13.1

References & Advisories

🔗 http://lists.opensuse.org/opensuse-updates/2014-08/msg00035.html

🔗 http://secunia.com/advisories/59533

🔗 http://www.openwall.com/lists/oss-security/2014/04/22/8

🔗 http://www.ubuntu.com/usn/USN-2255-1

🔗 https://bugs.launchpad.net/neutron/+bug/1300785

🔗 http://lists.opensuse.org/opensuse-updates/2014-08/msg00035.html

🔗 http://secunia.com/advisories/59533

🔗 http://www.openwall.com/lists/oss-security/2014/04/22/8

Related Vulnerabilities

CVE-2023-41789.8

Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows Authentication Bypass. This issue affects Neu...

CVE-2015-89149.1

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMP...

CVE-2021-385989.1

OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver ...

CVE-2016-53628.2

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP...

CVE-2014-0187 Detail & Impact Analysis | CVSS 9.0 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space