CVE-2015-1612: Input Validation
First published: Tue Apr 04 2017(Updated: )
OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka "LLDP Relay."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenDaylight |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.internetsociety.org/sites/default/files/10_4_2.pdf
- http://www.securityfocus.com/bid/73254
- https://cloudrouter.org/security/
- https://git.opendaylight.org/gerrit/#/c/16193/
- https://git.opendaylight.org/gerrit/#/c/16208/
- https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1611_CVE-2015-1612_openflowplugin:_topology_spoofing_via_LLDP
Frequently Asked Questions
What is the severity of CVE-2015-1612?
CVE-2015-1612 is considered to be of medium severity due to its potential impact on SDN topology spoofing.
How do I fix CVE-2015-1612?
To mitigate CVE-2015-1612, it is recommended to upgrade to the latest version of OpenDaylight beyond Helium SR3.
Who is affected by CVE-2015-1612?
All users of OpenDaylight with the OpenFlow plugin prior to Helium SR3 are affected by CVE-2015-1612.
What is the impact of CVE-2015-1612?
CVE-2015-1612 allows remote attackers to spoof the SDN topology, potentially compromising the flow of data.
Is CVE-2015-1612 related to packet reuse?
Yes, CVE-2015-1612 is related to the reuse of LLDP packets in the OpenFlow plugin.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/opendaylight
- canonical/opendaylight