PT-2017-6503 · Opendaylight · Opendaylight

Publicado

2017-04-04

Atualizado

2022-05-17

CVE-2015-1612

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions OpenDaylight versions prior to Helium SR3

Description The issue allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets. This is often referred to as "LLDP Relay."

Recommendations For versions prior to Helium SR3, update to Helium SR3 or later to resolve the issue. As a temporary workaround, consider restricting the reuse of LLDP packets to minimize the risk of exploitation.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2015-1612

GHSA-F2X4-547G-RP95

Produtos afetados

Opendaylight

PT-2017-6503 · Opendaylight · Opendaylight

CVE-2015-1612

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11