How severe is CVE-2021-20267?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2021-20267?

This is classified as CWE-345, which is a common weakness in software security.

CVE-2021-20267 - HIGH Severity | CVSS 7.1

Vulnerability Description

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project. Versions before openstack-neutron 15.3.3, openstack-neutron 16.3.1 and openstack-neutron 17.1.1 are affected.

Related Vulnerabilities

CVE-2023-47630

HIGH

CVSS:7.1(High)

Kyverno is a policy engine designed for Kubernetes. An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker t...

CWE-3452023

CVE-2024-43428

HIGH

CVSS:7.1(High)

To address a cache poisoning risk in Moodle, additional validation for local storage was required.

CWE-3452024

CVE-2025-24807

MEDIUM

CVSS:7.1(High)

eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0, per d...

CWE-3452025

CVE-2021-20271

HIGH

CVSS:7.0(High)

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature h...

CWE-3452021

CVE-2023-44402

HIGH

CVSS:7.0(High)

Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoa...

CWE-3452023

CVE-2024-7979

HIGH

CVSS:7.0(High)

Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security se...

CWE-3452024