CVE-2015-1612
HIGH7.5EPSS 0.63%OpenFlow plugin for OpenDaylight LLDP Relay
發布日:2022/5/17修改日:2025/4/22
描述
OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka "LLDP Relay."
受影響套件(1)
- Maven/org.opendaylight.openflowplugin:openflowpluginfrom 0, < 0.0.6-Helium-SR3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-1612
- PATCHhttps://github.com/opendaylight/openflowplugin
- WEBhttps://git.opendaylight.org/gerrit/#/c/16193
- WEBhttps://git.opendaylight.org/gerrit/#/c/16208
- WEBhttps://web.archive.org/web/20150510044305/https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1611_CVE-2015-1612_openflowplugin:_topology_spoofing_via_LLDP
- WEBhttps://web.archive.org/web/20150701104709/https://www.internetsociety.org/sites/default/files/10_4_2.pdf