PT-2018-10478 · Opendaylight+1 · Opendaylight Sdninterfaceapp+1

Pedro Sampaio

Published

2018-06-20

Updated

2019-10-09

CVE-2018-1132

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Opendaylight SDNInterfaceapp (SDNI) (affected versions not specified)

Description A flaw was found in Opendaylight's SDNInterfaceapp, allowing attackers to perform SQL injection on the component's database (SQLite) without authentication. The SDNInterface component has been deprecated since the final Carbon series release and is not included in newer OpenDayLight releases or packaged in the opendaylight package in RHEL.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2018-1132

Affected Products

Opendaylight Sdninterfaceapp

Sqlite

PT-2018-10478 · Opendaylight+1 · Opendaylight Sdninterfaceapp+1

CVE-2018-1132

Weakness Enumeration

Related Identifiers

Affected Products

References · 6