CVE-2024-46943

Опубликовано: 15 сент. 2024

Источник: nvd

CVSS3: 7.5

CVSS3: 9.1

EPSS Низкий

Описание

An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information.

Ссылки

https://docs.opendaylight.org/en/latest/release-notes/projects/aaa.html
Release Notes
https://doi.org/10.48550/arXiv.2408.16940
Technical Description
https://lf-opendaylight.atlassian.net/browse/AAA-285
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opendaylight:authentication\,_authorization_and_accounting:*:*:*:*:*:*:*:*

Версия до 0.19.3 (включая)

EPSS

Процентиль: 50%

0.00268

Низкий

7.5 High

CVSS3

9.1 Critical

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-520

Связанные уязвимости

GHSA-46hr-3cq3-mcgp

CVSS3: 4.3

github

больше 1 года назад

OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability

EPSS

Процентиль: 50%

0.00268

Низкий

7.5 High

CVSS3

9.1 Critical

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-520