CVE-2024-51406

MEDIUM

Projectfloodlight Open Sdn Controller - Authentication Bypass by Sp...

Title source: rule

Description

Floodlight SDN Open Flow Controller v.1.2 has an issue that allows local hosts to build fake LLDP packets that allow specific clusters to be missed by Floodlight, which in turn leads to missed hosts inside and outside the cluster.

References (3)

[Product] https://github.com/floodlight/floodlight

[Exploit, Issue Tracking] https://github.com/floodlight/floodlight/issues/870

[Technical Description] https://ieeexplore.ieee.org/document/10246976

Scores

CVSS v3 6.2

EPSS 0.0004

EPSS Percentile 12.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-290

Status published

Products (1)

projectfloodlight/open_sdn_controller 1.2

Published Nov 01, 2024

Tracked Since Feb 18, 2026