CVE-2018-1132

CVSS 7.5 HIGHEPSS 2.9%CWE-89

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.5EPSS 2.9%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

20 Jun 2018Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's database (SQLite) without authenticating to the controller or SDNInterfaceapp. SDNInterface has been deprecated in OpenDayLight since it was last used in the final Carbon series release. In addition to the component not being included in OpenDayLight in newer releases, the SDNInterface component is not packaged in the opendaylight package included in RHEL.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

[UNKNOWN] · opendaylight

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1132 https://jira.opendaylight.org/browse/SDNINTRFAC-14 https://www.exploit-db.com/exploits/44747/http://www.securityfocus.com/bid/104238