VDB
CVE-2018-14636
CVE-2018-14636
PUBLISHED
Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due to the Open vSwitch integration bridge being connected to the instance during migration. When connected to the integration bridge, all traffic for instances using the same Open vSwitch instance would potentially be visible to the migrated guest, as the required Open vSwitch VLAN filters are only applied post-migration. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3, 11.0.5 are vulnerable.
EPSS 0.20% · 42.4th percentile
Risk Scores
EPSS Score
0.20%
42.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | neutron | 0, 2:11.0.1-0ubuntu1, 2:12.0.0~b1-0ubuntu2 |
| Ubuntu:16.04:LTS | neutron | 2:8.4.0-0ubuntu5, 2:8.4.0-0ubuntu6, 2:8.4.0-0ubuntu7.1 |
Exploit Intelligence
Timeline
- Sep 10, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-14636 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-14636 third-party-advisory