{"id":"CVE-2017-7543","details":"A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources.","aliases":["GHSA-hvxr-2fvv-c3wq","PYSEC-2026-686"],"modified":"2026-07-06T08:11:21.850678111Z","published":"2018-07-26T14:29:00.483Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/100237"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2447"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2448"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2449"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2450"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2451"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2452"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7543"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openstack/neutron","events":[{"introduced":"0"},{"last_affected":"6dcfe3a9362ae5fcf18e5cfb59663e43446cd59c"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"7.0"}]}}],"versions":["2013.1.g3","2013.2.b2","2013.2.rc1","2014.1.b1","2014.1.b2","2014.1.b3","2014.1.rc1","2014.2.b1","2014.2.b2","2014.2.b3","2014.2.rc1","2015.1.0b1","2015.1.0b2","2015.1.0b3","2015.1.0rc1","7.0.0","7.0.0.0b1","7.0.0.0b2","7.0.0.0b3","7.0.0.0rc1","7.0.0.0rc2","7.0.0.0rc3","7.0.0a0","essex-1","essex-3","folsom-1","folsom-3","grizzly-1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7543.json","unresolved_ranges":[{"events":[{"introduced":"7.0.0"},{"fixed":"7.2.0-12.1"}]},{"events":[{"introduced":"8.0.0"},{"fixed":"8.3.0-11.1"}]},{"events":[{"introduced":"9.0.0"},{"fixed":"9.3.1-2.1"}]},{"events":[{"introduced":"10.0.0"},{"fixed":"10.0.2-1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8"}]},{"events":[{"introduced":"0"},{"last_affected":"9"}]},{"events":[{"introduced":"0"},{"last_affected":"10"}]},{"events":[{"introduced":"0"},{"last_affected":"11"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}