Vulnerability in Projectfloodlight Open_sdn_controller
CVE-2024-51406
Floodlight SDN OpenFlow Controller v.1.2 has an issue that allows local hosts to build fake LLDP packets that allow specific clusters to be missed by Floodlight, which in turn leads to missed hosts inside and outside the cluster.
EPSS: 0.002 (13.7th percentile).
CVSS v3 metric
CVSS v3 base score 6.2 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Projectfloodlight Open_sdn_controller — versions 1.2
Weakness classification (CWE)
- Authentication Bypass by Spoofing
Frequently asked questions
- What is CVE-2024-51406?
- CVE-2024-51406 is a medium-severity vulnerability in Projectfloodlight Open_sdn_controller, classified under Authentication Bypass by Spoofing. CVSS score: 6.2/10. Published 2024-11-01.
- How severe is CVE-2024-51406?
- Medium severity. CVSS v3 base score is 6.2 out of 10.