CVE-2018-1000155

Impact:
Moderate
Public Date:
2018-05-09
CWE:
CWE-287
Bugzilla:
1578652: CVE-2018-1000155 openflow: Denial of Service, Improper Authentication and Authorization, and Covert Channel in the OpenFlow handshake

The MITRE CVE dictionary describes this issue as:

OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network Instability. This attack appear to be exploitable via Network connectivity: the attacker must first establish a transport connection with the OpenFlow controller and then initiate the OpenFlow handshake.

Find out more about CVE-2018-1000155 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 5.9
CVSS3 Base Metrics CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
Attack Vector Adjacent Network
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Impact Low
Availability Impact High

Affected Packages State

Platform Package State
Red Hat OpenStack Platform 9.0 opendaylight Will not fix
Red Hat OpenStack Platform 8.0 (Liberty) opendaylight Will not fix
Red Hat OpenStack Platform 13.0 (Queens) opendaylight Affected
Red Hat OpenStack Platform 12.0 opendaylight Will not fix
Red Hat OpenStack Platform 11.0 (Ocata) opendaylight Will not fix
Red Hat OpenStack Platform 10 opendaylight Will not fix

Mitigation

Enable TLS in OpenFlow plugin. Upstream documentation is a useful resource.
https://wiki.opendaylight.org/view/OpenDaylight_OpenFlow_Plugin:_TLS_Support

External References

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.