CVE-2015-1612 — OpenFlow plugin for OpenDaylight LLDP Relay

Description

OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka "LLDP Relay."

How to fix CVE-2015-1612

To remediate CVE-2015-1612, upgrade the affected package to a fixed version below.

Maven/org.opendaylight.openflowplugin:openflowplugin—upgrade to 0.0.6-Helium-SR3 or later

Is CVE-2015-1612 being exploited?

Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 0.0.6-Helium-SR3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References (6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2015-1612
PATCHgithub.com/opendaylight/openflowplugin
WEBgit.opendaylight.org/gerrit/#/c/16193
WEBgit.opendaylight.org/gerrit/#/c/16208