VDB
CVE-2023-5366
CVE-2023-5366
PUBLISHED
CVSS 7.099999904632568 HIGH
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.
EPSS 0.02% · 5.7th percentile
Risk Scores
CVSS 3.1
7.099999904632568
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
EPSS Score
0.02%
5.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Fast Datapath for RHEL 8 | |
| Red Hat | Fast Datapath for RHEL 7 | |
| Red Hat | Fast Datapath for RHEL 7 | |
| Red Hat | Red Hat OpenStack Platform 16.1 | |
| redhat | fast_datapath | |
| redhat | virtualization | 4.0, 4.0, 4.0 |
| Red Hat | Red Hat Virtualization 4 | |
| redhat | enterprise_linux | 7.0, 7.0, 7.0 |
| Red Hat | Fast Datapath for RHEL 8 | |
| Red Hat | Fast Datapath for RHEL 9 | |
| Red Hat | Fast Datapath for RHEL 8 | |
| Red Hat | Red Hat OpenShift Container Platform 4 | |
| Red Hat | Red Hat OpenShift Container Platform 4 | |
| Red Hat | Fast Datapath for RHEL 7 | |
| Red Hat | Red Hat OpenShift Container Platform 4 | |
| redhat | openshift_container_platform | 4.0, 4.0, 4.0 |
| openvswitch | openvswitch | 0, 0, 0 |
| Red Hat | Red Hat Virtualization 4 | |
| Red Hat | Fast Datapath for RHEL 8 | |
| Red Hat | Fast Datapath for RHEL 7 |
…and 14 more
Exploit Intelligence
- CIRCL seen: CVE-2023-5366 (circl-sighting)
- CIRCL seen: CVE-2023-5366 (circl-sighting)
- https://access.redhat.com/security/cve/CVE-2023-5366 (circl)
- RHBZ#2006347 (circl)
- http://www.openwall.com/lists/oss-security/2024/02/08/4 (circl)
- https://lists.debian.org/debian-lts-announce/2024/02/msg00004.html (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/ (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/ (circl)
Timeline
- Oct 6, 2023 CVE Published
- Oct 6, 2023 PoC Published
- Oct 7, 2023 EPSS Score
- Nov 8, 2023 EPSS Score
- Dec 9, 2023 EPSS Score
- Jan 10, 2024 EPSS Score
- Feb 10, 2024 EPSS Score
- Mar 13, 2024 EPSS Score
- Apr 13, 2024 EPSS Score
- May 15, 2024 EPSS Score
- Jun 15, 2024 EPSS Score
- Jul 16, 2024 PoC Published
References
- https://access.redhat.com/security/cve/CVE-2023-5366 vdb
- RHBZ#2006347 issue
- http://www.openwall.com/lists/oss-security/2024/02/08/4 url
- https://lists.debian.org/debian-lts-announce/2024/02/msg00004.html url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/ url
- https://nvd.nist.gov/vuln/detail/CVE-2023-5366 advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3 url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO url