CVE-2024-46942

6.5

Medium

Published:15 Sep 2024

Last updated:17 Jun 2026

Source:cve@mitre.org

Modified

Weakness (CWE)

CWE-285CWE-285

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None

View on MITRE Find PoC on GitHub

Description

In OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1, a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment.

References

cve@mitre.org

https://docs.opendaylight.org/en/latest/release-notes/projects/mdsal.html

cve@mitre.org

https://doi.org/10.48550/arXiv.2408.16940

cve@mitre.org

https://lf-opendaylight.atlassian.net/browse/MDSAL-869