Vulnerabilities > CVE-2018-1078 - Unspecified vulnerability in Opendaylight Openflow Sp1/Sp2/Sp3

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

opendaylight

NVD

Published: 2018-03-16

Updated: 2019-10-09

Summary

OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that can result in traffic flows that should be expired or should expire shortly being re-installed and their timers reset resulting in traffic being allowed that should be expired.

Vulnerable Configurations

Part	Description	Count
Application	Opendaylight Opendaylight Openflow * Opendaylight Openflow Sp1 Opendaylight Openflow Sp2 Opendaylight Openflow Sp3	4

References

https://bugzilla.redhat.com/show_bug.cgi?id=1533501
https://jira.opendaylight.org/browse/OPNFLWPLUG-971