CVE-2024-51406

MEDIUM

Floodlight SDN Open Flow Controller 1.2 - Authentication Bypass by Spoofing via Fake LLDP Packets

Title source: llm

Description

Floodlight SDN Open Flow Controller v.1.2 has an issue that allows local hosts to build fake LLDP packets that allow specific clusters to be missed by Floodlight, which in turn leads to missed hosts inside and outside the cluster.

References (3)

Core 3

Core References

Product

https://github.com/floodlight/floodlight

Exploit, Issue Tracking

https://github.com/floodlight/floodlight/issues/870

Technical Description

https://ieeexplore.ieee.org/document/10246976

Scores

CVSS v3 6.2

EPSS 0.0023

EPSS Percentile 13.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-290

Status published

Products (1)

projectfloodlight/open_sdn_controller 1.2

Published Nov 01, 2024

Tracked Since Feb 18, 2026