CVE-2015-1611

Published: Apr 4, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to "fake LLDP injection."

Affected (1)

Products: Opendaylight: Openflow

Opendaylight

1 product

Openflow

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opendaylight Openflow	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (12)

http://www.internetsociety.org/sites/default/files/10_4_2.pdf

Source: cve@mitre.org

Technical Description

http://www.securityfocus.com/bid/73254

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://cloudrouter.org/security/

Source: cve@mitre.org

Third Party Advisory

https://git.opendaylight.org/gerrit/#/c/16193/

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://git.opendaylight.org/gerrit/#/c/16208/

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1611_CVE-2015-1612_openflowplugin:_topology_spoofing_via_LLDP

Source: cve@mitre.org

PatchThird Party Advisory

http://www.internetsociety.org/sites/default/files/10_4_2.pdf