Vulnerabilities > CVE-2018-1000155 - Incorrect Authorization vulnerability in Opennetworking Openflow

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

opennetworking

CWE-863

critical

NVD

Published: 2018-05-24

Updated: 2019-10-03

Summary

OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network Instability. This attack appear to be exploitable via Network connectivity: the attacker must first establish a transport connection with the OpenFlow controller and then initiate the OpenFlow handshake.

Vulnerable Configurations

Part	Description	Count
Application	Opennetworking Opennetworking Openflow -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

http://users.sec.t-labs.tu-berlin.de/~hashkash/openflow/BrianOnosSecurityRequest.pdf