CVE Identifier: CVE-2015-5240 Vulnerability Description: Firewall rules bypass through port update in openstack-neutron. An authenticated user may circumvent firewall rules and anti-spoofing controls by changing the device owner of an instance's port. Affected Versions: openstack-neutron versions up to 2014.2.3 and 2015.1 Impact: Medium severity affecting security features. Status: Closed with an Errata update (RHSA-2015:1909). Acknowledgements: Thanks to the OpenStack project for reporting the issue, and Kevin Benton for the original report. Resolution Link:  for RHEL versions and patches. Broad Impact: All Neutron setups relying on the ML2 plugin or AMQP API for security groups are affected.