A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's database (SQLite) without authenticating to the controller or SDNInterfaceapp. SDNInterface has been deprecated in OpenDayLight since it was last used in the final Carbon series release. In addition to the component not being included in OpenDayLight in newer releases, the SDNInterface component is not packaged in the opendaylight package included in RHEL.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/104238 | Third Party Advisory VDB Entry |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1132 | Issue Tracking Third Party Advisory |
https://jira.opendaylight.org/browse/SDNINTRFAC-14 | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/44747/ | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2018-06-20T13:00:00
Updated: 2018-06-21T09:57:01
Reserved: 2017-12-04T00:00:00
Link: CVE-2018-1132
JSON object: View
NVD Information
Status : Modified
Published: 2018-06-20T13:29:00.270
Modified: 2019-10-09T23:38:10.943
Link: CVE-2018-1132
JSON object: View
Redhat Information
No data.
CWE