{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-05-26T16:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://launchpad.net/bugs/1939733"}, {"name": "[oss-security] 20210831 [OSSA-2021-005] Neutron: Arbitrary dnsmasq reconfiguration via extra_dhcp_opts (CVE-2021-40085)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/08/31/2"}, {"tags": ["x_refsource_MISC"], "url": "https://security.openstack.org/ossa/OSSA-2021-005.html"}, {"name": "[debian-lts-announce] 20211011 [SECURITY] [DLA 2781-1] neutron security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00005.html"}, {"name": "DSA-4983", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4983"}, {"name": "[debian-lts-announce] 20220526 [SECURITY] [DLA 3027-1] neutron security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00038.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-40085", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://launchpad.net/bugs/1939733", "refsource": "MISC", "url": "https://launchpad.net/bugs/1939733"}, {"name": "[oss-security] 20210831 [OSSA-2021-005] Neutron: Arbitrary dnsmasq reconfiguration via extra_dhcp_opts (CVE-2021-40085)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/08/31/2"}, {"name": "https://security.openstack.org/ossa/OSSA-2021-005.html", "refsource": "MISC", "url": "https://security.openstack.org/ossa/OSSA-2021-005.html"}, {"name": "[debian-lts-announce] 20211011 [SECURITY] [DLA 2781-1] neutron security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00005.html"}, {"name": "DSA-4983", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4983"}, {"name": "[debian-lts-announce] 20220526 [SECURITY] [DLA 3027-1] neutron security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00038.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:27:31.442Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://launchpad.net/bugs/1939733"}, {"name": "[oss-security] 20210831 [OSSA-2021-005] Neutron: Arbitrary dnsmasq reconfiguration via extra_dhcp_opts (CVE-2021-40085)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/08/31/2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.openstack.org/ossa/OSSA-2021-005.html"}, {"name": "[debian-lts-announce] 20211011 [SECURITY] [DLA 2781-1] neutron security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00005.html"}, {"name": "DSA-4983", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-4983"}, {"name": "[debian-lts-announce] 20220526 [SECURITY] [DLA 3027-1] neutron security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00038.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-40085", "datePublished": "2021-08-31T17:32:24", "dateReserved": "2021-08-25T00:00:00", "dateUpdated": "2024-08-04T02:27:31.442Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*", "matchCriteriaId": "19960486-0F45-4640-AC10-CC48A25F8309", "versionEndExcluding": "16.4.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*", "matchCriteriaId": "40F9ACA3-317B-4357-8AA9-6A17C51366AF", "versionEndExcluding": "17.2.1", "versionStartIncluding": "17.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*", "matchCriteriaId": "23BDD30E-92DC-4C8E-BEA0-AF38D68BD806", "versionEndExcluding": "18.1.1", "versionStartIncluding": "18.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value."}, {"lang": "es", "value": "Se ha detectado un problema en OpenStack Neutron versiones anteriores a 16.4.1, 17.x versiones anteriores a 17.2.1 y 18.x versiones anteriores a 18.1.1. Unos atacantes autenticados pueden reconfigurar dnsmasq por medio de un valor extra_dhcp_opts dise\u00f1ado"}], "id": "CVE-2021-40085", "lastModified": "2024-11-21T06:23:31.170", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-31T18:15:08.837", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/08/31/2"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://launchpad.net/bugs/1939733"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00005.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00038.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://security.openstack.org/ossa/OSSA-2021-005.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4983"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/08/31/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://launchpad.net/bugs/1939733"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00038.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://security.openstack.org/ossa/OSSA-2021-005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4983"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the OpenStack project for reporting this issue.", "affected_release": [{"advisory": "RHSA-2021:3502", "cpe": "cpe:/a:redhat:openstack:10::el7", "package": "openstack-neutron-1:9.4.1-56.el7ost", "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", "release_date": "2021-09-13T00:00:00Z"}, {"advisory": "RHSA-2021:3503", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "openstack-neutron-1:12.1.1-42.1.el7ost", "product_name": "Red Hat OpenStack Platform 13.0 - ELS", "release_date": "2021-09-13T00:00:00Z"}, {"advisory": "RHSA-2021:3503", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "openstack-neutron-1:12.1.1-42.1.el7ost", "product_name": "Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS", "release_date": "2021-09-13T00:00:00Z"}, {"advisory": "RHSA-2021:3481", "cpe": "cpe:/a:redhat:openstack:16.1::el8", "package": "openstack-neutron-1:15.2.1-1.20210409073447.el8ost", "product_name": "Red Hat OpenStack Platform 16.1", "release_date": "2021-09-09T00:00:00Z"}, {"advisory": "RHSA-2021:3488", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "openstack-neutron-1:15.3.5-2.20210608154813.el8ost.3", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2021-09-15T00:00:00Z"}], "bugzilla": {"description": "openstack-neutron: arbitrary dnsmasq reconfiguration via extra_dhcp_opts", "id": "1998052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998052"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.", "An input-validation flaw was found in openstack-neutron, where an authenticated attacker could change the dnsmasq configuration. By crafting extra_dhcp_opts values, the attacker could crash the dnsmasq, change parameters for tenants sharing the same interface, or otherwise alter that daemon\u2019s behavior. This flaw might also be used to trigger a configuration parsing buffer overflow in versions of dnsmasq prior to 2.81. The highest threat from this vulnerability is to system availability, but also threatens data confidentiality and integrity."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2021-40085", "package_state": [{"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "openstack-neutron", "product_name": "Red Hat Integration Camel K"}], "public_date": "2021-08-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-40085\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-40085\nhttps://security.openstack.org/ossa/OSSA-2021-005.html"], "threat_severity": "Important", "upstream_fix": "neutron 16.4.1, neutron 17.2.1, neutron 18.1.1"}