← voltar
CVE-2025-0650

Ovn: egress acls may be bypassed via specially crafted udp packet

CVSS 8.1 HIGHEPSS 0.8%CWE-284
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.1EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
23 jan 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
ovnRed Hat · Fast Datapath for Red Hat Enterprise Linux 8Red Hat · Fast Datapath for Red Hat Enterprise Linux 9Red Hat · Red Hat OpenShift Container Platform 4

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://access.redhat.com/errata/RHSA-2025:1083https://access.redhat.com/errata/RHSA-2025:1084https://access.redhat.com/errata/RHSA-2025:1085https://access.redhat.com/errata/RHSA-2025:1086https://access.redhat.com/errata/RHSA-2025:1087https://access.redhat.com/errata/RHSA-2025:1088https://access.redhat.com/errata/RHSA-2025:1089https://access.redhat.com/errata/RHSA-2025:1090https://access.redhat.com/errata/RHSA-2025:1091https://access.redhat.com/errata/RHSA-2025:1092https://access.redhat.com/errata/RHSA-2025:1093https://access.redhat.com/errata/RHSA-2025:1094