forked from Cloudxtreme/cloudrouter-security
CRSA-2015-0002.yaml
title: 'OpenDaylight openflowplugin allows topology spoofing via host tracking'
description: 'It has been reported that it is possible for an attacker to spoof
  network topology via host tracking. An attacker can abuse host tracking by updating
  the host location information without any validation, authentication or
  authorization. This makes it possible to impersonate other network devices by
  obtaining their MAC address. This issue is related to well-known MAC spoofing
  attacks. Further technical details are available in a conference paper.'
references:
  - http://www.internetsociety.org/sites/default/files/10_4_2.pdf
affected-products:
  - product: CloudRouter
    version:
      - id: 1.0-beta
        component: opendaylight-helium
        issues:
          - 8
        patches:
          - TODO
vulnerabilities:
  - cve-id: CVE-2015-1610
    cloudrouter-security-issue: 2
    impact-assessment:
      source: 'IIX Product Security'
      rating: moderate
      assessment:
        type: CVSS2
        score: 4.3
        detail: AV:A/AC:M/Au:N/C:N/I:P/A:P
    classification:
      source: 'IIX Product Security'
      type: CWE
      detail: TODO
reporters:
  - name: 'Lei Xu'
    affiliation: 'Texas A&M'
    reported:
      - CVE-2015-1610