1. Home
  2. CVE Database
  3. CVE-2018-14636
MEDIUM · 5.3

CVE-2018-14636

Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively ...

Vulnerability Description

Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due to the Open vSwitch integration bridge being connected to the instance during migration. When connected to the integration bridge, all traffic for instances using the same Open vSwitch instance would potentially be visible to the migrated guest, as the required Open vSwitch VLAN filters are only applied post-migration. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3, 11.0.5 are vulnerable.

CVSS Score

5.3

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
OpenstackNeutron>= 7.0.0, <= 11.0.4

Related Weaknesses (CWE)

CWE-300

References

FAQ

What is CVE-2018-14636?

CVE-2018-14636 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively ...

How severe is CVE-2018-14636?

CVE-2018-14636 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-14636?

Check the references section above for vendor advisories and patch information. Affected products include: Openstack Neutron.