forked from Cloudxtreme/cloudrouter-security
CRSA-2015-0001.yaml
title: 'OpenDaylight openflowplugin allows topology spoofing via LLDP'
description: 'It has been reported that it is possible for an attacker to spoof
  networking topology via LLDP. An attacker can inject crafted LLDP packets that
  announce internal links between switches, thereby affecting the flow of data in
  the SDN network. Further technical details are available in a conference paper.'
references:
  - http://www.internetsociety.org/sites/default/files/10_4_2.pdf
affected-products:
  - product: CloudRouter
    version:
      - id: 1.0-beta
        component: opendaylight-helium
        issues:
          - 7
        patches:
          - https://git.opendaylight.org/gerrit/#/c/16193/
          - https://git.opendaylight.org/gerrit/#/c/16208/
vulnerabilities:
  - cve-id: CVE-2015-1611
    cloudrouter-security-issue: 1
    impact-assessment:
      source: 'IIX Product Security'
      rating: moderate
      assessment:
        type: CVSS2
        score: 4.3
        detail: AV:A/AC:M/Au:N/C:N/I:P/A:P
    classification:
      source: 'IIX Product Security'
      type: CWE
      detail: TODO
  - cve-id: CVE-2015-1612
    impact-assessment:
      source: 'IIX Product Security'
      rating: moderate
      assessment:
        type: CVSS2
        score: 4.3
        detail: AV:A/AC:M/Au:N/C:N/I:P/A:P
    classification:
      source: 'IIX Product Security'
      type: CWE
      detail: TODO
reporters:
  - name: 'Lei Xu'
    affiliation: 'Texas A&M'
    reported:
      - CVE-2015-1611
      - CVE-2015-1612