Skip to main content

Opendaylight CVE-2017-1000361

HIGH
2017-04-24 cve@mitre.org
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 24, 2017 - 16:59 cve.org
HIGH 7.5

DescriptionCVE.org

DOMRpcImplementationNotAvailableException when sending Port-Status packets to OpenDaylight. Controller launches exceptions and consumes more CPU resources. Component: OpenDaylight is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0.

AnalysisAI

DOMRpcImplementationNotAvailableException when sending Port-Status packets to OpenDaylight. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

DOMRpcImplementationNotAvailableException when sending Port-Status packets to OpenDaylight. Controller launches exceptions and consumes more CPU resources. Component: OpenDaylight is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0. Affected products include: Opendaylight.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-1000357 HIGH POC
7.5 Apr 24

Denial of Service attack when the switch rejects to receive packets from the controller. Rated high severity (CVSS 7.5),

CVE-2022-45932 HIGH POC
7.5 Nov 27

A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. Rated high severity (CVSS 7.5), this vu

CVE-2022-45930 HIGH POC
7.5 Nov 27

A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. Rated high severity (CVSS 7.5), this vu

CVE-2017-1000358 MEDIUM POC
6.5 Apr 24

Controller throws an exception and does not allow user to add subsequent flow for a particular switch. Rated medium seve

CVE-2015-1778 CRITICAL
9.8 Jun 27

The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authe

CVE-2017-1000359 MEDIUM POC
5.3 Apr 24

Java out of memory error and significant increase in resource consumption. Rated medium severity (CVSS 5.3), this vulner

CVE-2017-1000360 MEDIUM POC
5.3 Apr 24

StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Rated medium severity (CVSS 5.3), this

CVE-2022-45931 HIGH
7.5 Nov 27

A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. Rated high severity (CVSS 7.5), this vu

CVE-2014-5035 MEDIUM
6.8 Aug 26

The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity

Share

CVE-2017-1000361 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy