CVE-2015-1611

HIGH

OpenDaylight OpenFlow Plugin < 0.0.6-Helium-SR3 - SDN Topology Spoofing via Fake LLDP Injection

Title source: llm
STIX 2.1

Description

OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to "fake LLDP injection."

References (6)

Core 6
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://git.opendaylight.org/gerrit/#/c/16208/
Technical Description x_refsource_misc
http://www.internetsociety.org/sites/default/files/10_4_2.pdf
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/73254
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://git.opendaylight.org/gerrit/#/c/16193/
Third Party Advisory x_refsource_confirm
https://cloudrouter.org/security/

Scores

CVSS v3 7.5
EPSS 0.0207
EPSS Percentile 79.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (2)
opendaylight/openflow
org.opendaylight.openflowplugin/openflowplugin 0 - 0.0.6-Helium-SR3Maven
Published Apr 04, 2017
Tracked Since Feb 18, 2026