Vulnerability Description
The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery packets.
CVSS Score
9.1
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Related Weaknesses (CWE)
References
- https://dl.acm.org/doi/10.1145/3658644.3690345
- https://github.com/mzc796/marionette_odl
- https://github.com/mzc796/marionette_onos
- https://jira.opendaylight.org/browse/DISCOVERY-2
- https://mvnrepository.com/artifact/org.opendaylight.controller
- https://jira.opendaylight.org/browse/DISCOVERY-2
- https://mvnrepository.com/artifact/org.opendaylight.controller
FAQ
What is CVE-2024-37018?
CVE-2024-37018 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery packets.
How severe is CVE-2024-37018?
CVE-2024-37018 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-37018?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.