CVE-2014-7821 : OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote aut

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.

Published 2014-11-24 15:59:03

Updated 2025-04-12 10:46:41

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2014-7821

Redhat » Openstack » Version: 4.0
cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 20
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
Matching versions
Openstack » Neutron
Versions from including (>=) 2014.2 and before (<) 2014.2.1
cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*
Matching versions
Openstack » Neutron
Versions from including (>=) 2012.2.1 and before (<) 2014.1.4
cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-7821

EPSS FAQ

1.43%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 80 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-7821

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:N/A:P	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2014-7821

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)
CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-7821

https://exchange.xforce.ibmcloud.com/vulnerabilities/98818

OpenStack Neutron DNS denial of service CVE-2014-7821 Vulnerability Report
Third Party Advisory;VDB Entry
http://lists.openstack.org/pipermail/openstack-announce/2014-November/000303.html

OpenStack Open Source Cloud Computing Software » Message: [openstack-announce] [OSSA 2014-039] Neutron DoS through invalid DNS configuration (CVE-2014-7821)
Patch;Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-1938.html

RHSA-2014:1938 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Oracle Bulletin Board Update - January 2015
Third Party Advisory

CVEs referencing this url
http://secunia.com/advisories/62586

Sign in
Third Party Advisory
https://bugs.launchpad.net/neutron/+bug/1378450

Bug #1378450 “[OSSA 2014-039] Maliciously crafted dns_nameserver...” : Bugs : neutron
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0044.html

RHSA-2015:0044 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1942.html

RHSA-2014:1942 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155351.html

[SECURITY] Fedora 20 Update: openstack-neutron-2013.2.4-8.fc20
Third Party Advisory

Jump to

Vulnerability Details : CVE-2014-7821

Products affected by CVE-2014-7821

Exploit prediction scoring system (EPSS) score for CVE-2014-7821

CVSS scores for CVE-2014-7821

CWE ids for CVE-2014-7821

References for CVE-2014-7821