An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Opendaylight
Opendaylight aaa |
|
Weaknesses | CWE-520 | |
CPEs | cpe:2.3:a:opendaylight:aaa:*:*:*:*:*:*:*:* | |
Vendors & Products |
Opendaylight
Opendaylight aaa |
|
Metrics |
cvssV3_1
|
Sun, 15 Sep 2024 23:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-09-15T00:00:00
Updated: 2024-09-17T14:35:39.779Z
Reserved: 2024-09-15T00:00:00
Link: CVE-2024-46943
Vulnrichment
Updated: 2024-09-17T14:35:32.422Z
NVD
Status : Awaiting Analysis
Published: 2024-09-15T23:15:11.100
Modified: 2024-09-17T15:35:11.950
Link: CVE-2024-46943
Redhat
No data.