CVE-2015-1611
HIGH7.5EPSS 0.63%OpenFlow plugin for OpenDaylight allows spoofing the SDN topology
發布日:2022/5/17修改日:2025/4/22
描述
OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to "fake LLDP injection."
受影響套件(1)
- Maven/org.opendaylight.openflowplugin:openflowpluginfrom 0, < 0.0.6-Helium-SR3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-1611
- PATCHhttps://github.com/opendaylight/openflowplugin
- WEBhttps://git.opendaylight.org/gerrit/#/c/16193
- WEBhttps://git.opendaylight.org/gerrit/#/c/16208
- WEBhttps://web.archive.org/web/20150510044305/https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1611_CVE-2015-1612_openflowplugin:_topology_spoofing_via_LLDP
- WEBhttps://web.archive.org/web/20150701104709/https://www.internetsociety.org/sites/default/files/10_4_2.pdf