Vulnerabilities > CVE-2024-46943 - Unspecified vulnerability in Opendaylight Authentication, Authorization and Accounting

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

opendaylight

NVD

Published: 2024-09-15

Updated: 2024-10-24

Summary

An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information.

Vulnerable Configurations

Part	Description	Count
Application	Opendaylight Opendaylight Authentication, Authorization AND Accounting *	1

References

https://doi.org/10.48550/arXiv.2408.16940
https://lf-opendaylight.atlassian.net/browse/AAA-285
https://docs.opendaylight.org/en/latest/release-notes/projects/aaa.html