CVE-2021-20267

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project. Versions before openstack-neutron 15.3.3, openstack-neutron 16.3.1 and openstack-neutron 17.1.1 are affected.

Published: 2021-05-28 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2021-20267 is rated Moderate Risk (49.8/100): CVSS High severity, with medium exploitation likelihood (EPSS 1.01%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2021-20267

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.13% 1.01% +0.89%
2 2026-05-15 0.19% 0.13% -0.06%
3 2026-05-12 0.19%

Full EPSS history (15 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2021-20267

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.1 3.1 HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:L)
Some sensitive info could get out, but not a total data dump.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 2.8 4.2 [email protected]
5.5 2.0 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:S)
A single authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:P)
Partial availability impact.
 8.0 4.9 [email protected]

Weakness enumeration for CVE-2021-20267

GitHub Security Advisory for CVE-2021-20267

GHSA-w8hx-f868-pvch · Severity: high · Ecosystem: pip — Openstack Neutron has Insufficient Verification of IPv6 addresses

OS Trackers for CVE-2021-20267

vendor priority summary link
debian not yet assigned CVE-2021-20267 not yet assigned priority: Debian including 1 source packages (neutron), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2021-20267
redhat medium https://access.redhat.com/security/cve/CVE-2021-20267
suse high CVE-2021-20267 severity important: SUSE including 11 source package names (openstack-neutron, openstack-neutron-dhcp-agent, …), 55 product×package rows across 5 product lines (HPE Helion OpenStack 8, SUSE OpenStack Cloud 8, … (5 product lines)): Known Not Affected 55. https://www.suse.com/security/cve/CVE-2021-20267/
ubuntu medium CVE-2021-20267 medium priority: Ubuntu including 1 source packages (neutron), 16 status rows across 16 suites (bionic, focal, groovy, hirsute, impish, jammy, kinetic, lunar, mantic, noble, oracular, plucky, questing, trusty, upstream, xenial): not-affected 9, released 3, ignored 2, DNE 1, needed 1. https://ubuntu.com/security/CVE-2021-20267

Affected software / configurations for CVE-2021-20267

Vendor Product Version Raw CPE
openstack neutron < 16.3.3 cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*
openstack neutron >= 17.0.0, < 17.1.3 cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*
openstack neutron 18.0.0 cpe:2.3:a:openstack:neutron:18.0.0:*:*:*:*:*:*:*
redhat openstack_platform 10.0 cpe:2.3:a:redhat:openstack_platform:10.0:*:*:*:*:*:*:*
redhat openstack_platform 13.0 cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*
redhat openstack_platform 16.1 cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*
redhat openstack_platform 16.2 cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*

References for CVE-2021-20267

URL Tags
https://bugzilla.redhat.com/show_bug.cgi?id=1934330 Issue Tracking Patch Third Party Advisory
https://security.openstack.org/ossa/OSSA-2021-001.html Patch Vendor Advisory
cvelogic Threat Intelligence