CVE-2018-1000155

Name of the Vulnerable Software and Affected Versions OpenFlow versions 1.0 and later

Description The issue concerns a Denial of Service and Improper authorization vulnerability in the OpenFlow handshake. Specifically, the DPID (DataPath IDentifier) in the features reply message is inherently trusted by the controller, which can result in Denial of Service, Unauthorized Access, and Network Instability. This can be exploited via network connectivity, where the attacker must first establish a transport connection with the OpenFlow controller and then initiate the OpenFlow handshake.

Recommendations For OpenFlow versions 1.0 and later, consider implementing additional validation for the DPID in the features reply message to prevent unauthorized access and denial of service attacks. As a temporary workaround, restrict access to the OpenFlow controller to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.