CVE-2015-1612
HIGH7.5EPSS 0.63%OpenFlow plugin for OpenDaylight LLDP Relay
Published: 5/17/2022Modified: 4/22/2025
Description
OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka "LLDP Relay."
Affected packages (1)
- Maven/org.opendaylight.openflowplugin:openflowpluginfrom 0, < 0.0.6-Helium-SR3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-1612
- PATCHhttps://github.com/opendaylight/openflowplugin
- WEBhttps://git.opendaylight.org/gerrit/#/c/16193
- WEBhttps://git.opendaylight.org/gerrit/#/c/16208
- WEBhttps://web.archive.org/web/20150510044305/https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1611_CVE-2015-1612_openflowplugin:_topology_spoofing_via_LLDP
- WEBhttps://web.archive.org/web/20150701104709/https://www.internetsociety.org/sites/default/files/10_4_2.pdf