Access-Control Flaw in IPtables Rules Management Allows Unauthorized Resource Access

Access-Control Flaw in IPtables Rules Management Allows Unauthorized Resource Access

CVE-2016-9599 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources.

Learn more about our User Device Pen Test.