CVE-2023-3153

A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2023-3153	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2213279	Issue Tracking
https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd	Patch
https://github.com/ovn-org/ovn/issues/198	Issue Tracking
https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html	Mitigation Patch
https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ovn:open_virtual_network::::::::
	cpe:2.3:a:ovn:open_virtual_network::::::::
	cpe:2.3:a:ovn:open_virtual_network::::::::
	cpe:2.3:a:ovn:open_virtual_network::::::::
	cpe:2.3:a:ovn:open_virtual_network::::::::

Configuration 2 (hide)

cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:a:redhat:fast_datapath:-:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-10-04 12:15

Updated : 2023-11-07 04:18

NVD link : CVE-2023-3153

Mitre link : CVE-2023-3153

CVE.ORG link : CVE-2023-3153

JSON object : View

Products Affected

redhat

openshift_container_platform
fast_datapath
enterprise_linux

ovn

open_virtual_network

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2023-3153", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-10-04T12:15:10.503", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-3153", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213279", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}, {"url": "https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "https://github.com/ovn-org/ovn/issues/198", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}, {"url": "https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html", "tags": ["Mitigation", "Patch"], "source": "secalert@redhat.com"}, {"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html", "tags": ["Patch"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-770"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Open Virtual Network donde el monitor de servicio MAC no califica correctamente el l\u00edmite. Este problema podr\u00eda permitir que un atacante provoque una denegaci\u00f3n de servicio, incluso en implementaciones con CoPP habilitado y configurado correctamente."}], "lastModified": "2023-11-07T04:18:03.807", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CA7DFF4-C739-4EE8-AC5D-6EC06E387309", "versionEndExcluding": "22.03.3"}, {"criteria": "cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66B2BA9A-04F3-4E63-B367-E7AE5AD04FB1", "versionEndExcluding": "22.09.2", "versionStartIncluding": "22.03.4"}, {"criteria": "cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "393B5A8F-01A6-48E3-9D04-E9F5EDDCA555", "versionEndExcluding": "22.12.1", "versionStartIncluding": "22.09.3"}, {"criteria": "cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20978238-A456-4B17-B7AD-DC006C6B16A2", "versionEndExcluding": "23.03.1", "versionStartIncluding": "22.12.2"}, {"criteria": "cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7AF4A0C-4E74-4721-96E0-E5A400B9AF58", "versionEndExcluding": "23.06.1", "versionStartIncluding": "23.03.2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:fast_datapath:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A63D05D-BFAF-484B-BA49-5F5E399CDA02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secalert@redhat.com"}