CVE-2015-1612

Опубликовано: 04 апр. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka "LLDP Relay."

Ссылки

http://www.internetsociety.org/sites/default/files/10_4_2.pdf
Technical Description
http://www.securityfocus.com/bid/73254
Third Party Advisory
VDB Entry
https://cloudrouter.org/security/
Third Party Advisory
https://git.opendaylight.org/gerrit/#/c/16193/
Issue Tracking
Patch
Third Party Advisory
https://git.opendaylight.org/gerrit/#/c/16208/
Issue Tracking
Patch
Third Party Advisory
https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1611_CVE-2015-1612_openflowplugin:_topology_spoofing_via_LLDP
Patch
Third Party Advisory
http://www.internetsociety.org/sites/default/files/10_4_2.pdf
Technical Description
http://www.securityfocus.com/bid/73254
Third Party Advisory
VDB Entry
https://cloudrouter.org/security/
Third Party Advisory
https://git.opendaylight.org/gerrit/#/c/16193/
Issue Tracking
Patch
Third Party Advisory
https://git.opendaylight.org/gerrit/#/c/16208/
Issue Tracking
Patch
Third Party Advisory
https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1611_CVE-2015-1612_openflowplugin:_topology_spoofing_via_LLDP
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opendaylight:openflow:-:*:*:*:*:opendaylight:*:*

EPSS

Процентиль: 76%

0.00971

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-f2x4-547g-rp95