VIR Vulnerability Intelligence Relay

CVE-2014-0056

low
Published 2022-05-17 · Modified 2026-05-06
CVSS v3
CVSS v2
2.1
VIR risk
2.1

Description

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2014-0056

OS impact
OSVersionStatusFixed in
ubuntu ubuntu13.10affected
debian debianbookwormfixed2013.2.2-4
debian debianbullseyefixed2013.2.2-4
debian debianforkyfixed2013.2.2-4
debian debiansidfixed2013.2.2-4
debian debiantrixiefixed2013.2.2-4

Package impact
EcosystemPackageVulnerableFixed
python PyPIneutron>=2012.2,<2013.2.32013.2.3

Application impact
VendorProductVersionsFixed
openstackneutron2012.2
openstackneutron2012.2.1
openstackneutron2012.2.2
openstackneutron2012.2.3
openstackneutron2012.2.4
openstackneutron2013.1
openstackneutron2013.1.1
openstackneutron2013.1.2
openstackneutron2013.1.3
openstackneutron2013.1.4
openstackneutron2013.1.5
openstackneutron2013.2
openstackneutron2013.2.1
openstackneutron2013.2.2

References

CWEs

CWE-287

Verify integrity in audit chain (admin only). AS-IS.