CVE-2018-1000155

Published: May 24, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network Instability. This attack appear to be exploitable via Network connectivity: the attacker must first establish a transport connection with the OpenFlow controller and then initiate the OpenFlow handshake.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://users.sec.t-labs.tu-berlin.de/~hashkash/openflow/BrianOnosSecurityRequest.pdf

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-1000155

Description

Affected Products

References