PT-2024-32292 · Opendaylight · Opendaylight Authentication
Published: 2024-09-15 · Updated: 2024-10-24 · CVE-2024-46943
CVSS v3.1: 9.1 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
OpenDaylight Authentication, Authorization and Accounting (AAA) versions through 0.19.3
Description
An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA). A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information.
Recommendations
For OpenDaylight Authentication, Authorization and Accounting (AAA) versions through 0.19.3, consider restricting cluster join permissions to prevent rogue controllers from impersonating offline peers until a patch is available. As a temporary workaround, monitor cluster activity closely to detect and respond to potential impersonation attempts.
Fix
Improper Authorization
Improper Authentication
Related Identifiers
Affected Products
Opendaylight Authentication