Saber-Berserker

#11699of 53,633
23.4Total CVSS
Vulnerabilities · 4
Medium
4
PT-2025-5861
5.5
2025-02-06
Unknown · Floodlight · CVE-2024-57672
**Name of the Vulnerable Software and Affected Versions** Floodlight version 1.2 **Description** An issue in Floodlight allows a local attacker to cause a denial of service via the Topology Manager module, the Topologylnstance module, and the Routing module. **Recommendations** For Floodlight version 1.2, consider disabling the Topology Manager module, the Topologylnstance module, and the Routing module as a temporary workaround to minimize the risk of exploitation. Restrict access to these modules to prevent a local attacker from causing a denial of service.
PT-2025-5862
5.5
2025-02-06
Unknown · Floodlight · CVE-2024-57673
**Name of the Vulnerable Software and Affected Versions** Floodlight version 1.2 **Description** An issue in Floodlight allows a local attacker to cause a denial of service via the Topology Manager module and Linkdiscovery module. **Recommendations** For Floodlight version 1.2, as a temporary workaround, consider disabling the Topology Manager module and Linkdiscovery module until a patch is available. Restrict access to these modules to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-34620
6.2
2024-11-01
Unknown · Open Floodlight Sdn Controller · CVE-2024-51406
**Name of the Vulnerable Software and Affected Versions** Floodlight SDN Open Flow Controller version 1.2 **Description** The issue allows local hosts to build fake LLDP packets, which can cause specific clusters to be missed by Floodlight. This, in turn, leads to missed hosts inside and outside the cluster. An attacker can gain elevated privileges through local privilege escalation. **Recommendations** For Floodlight SDN Open Flow Controller version 1.2, patch immediately to prevent local privilege escalation. Monitor for potential exploits and assess the impact on the SDN stack. As a temporary workaround, consider restricting access to the LLDP packet handler to minimize the risk of exploitation.
PT-2024-34621
6.2
2024-11-01
Unknown · Open Floodlight Sdn Controller · CVE-2024-51407
**Name of the Vulnerable Software and Affected Versions** Floodlight SDN OpenFlow Controller version 1.2 **Description** The issue allows local hosts to construct false broadcast ports, causing inter-host communication anomalies. **Recommendations** For Floodlight SDN OpenFlow Controller version 1.2, consider restricting local host access to the OpenFlow Controller to minimize the risk of exploitation until a patch is available.