CVE-2018-1000155
Last modified
CVE-2018-1000155 is a vulnerability of currently unknown severity. OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network Instability. EPSS estimates a 1.21% chance of exploitation in the next 30 days.
Description
OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network Instability. This attack appear to be exploitable via Network connectivity: the attacker must first establish a transport connection with the OpenFlow controller and then initiate the OpenFlow handshake.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Opennetworking | Openflow | All versions |
References
- http://users.sec.t-labs.tu-berlin.de/~hashkash/openflow/BrianOnosSecurityRequest.pdfMailing List, Third Party Advisory
- http://users.sec.t-labs.tu-berlin.de/~hashkash/openflow/BrianOnosSecurityRequest.pdfMailing List, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-1000155?
How severe is CVE-2018-1000155?
How do I fix CVE-2018-1000155?
Are you affected by CVE-2018-1000155?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST