{"api_version":"1","generated_at":"2026-04-21T10:21:17+00:00","cve":"CVE-2015-1612","urls":{"html":"https://cve.report/CVE-2015-1612","api":"https://cve.report/api/cve/CVE-2015-1612.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-1612","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-1612"},"summary":{"title":"CVE-2015-1612","description":"OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka \"LLDP Relay.\"","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2017-04-04 17:59:00","updated_at":"2017-04-11 17:28:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1611_CVE-2015-1612_openflowplugin:_topology_spoofing_via_LLDP","name":"https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1611_CVE-2015-1612_openflowplugin:_topology_spoofing_via_LLDP","refsource":"CONFIRM","tags":["Patch","Third Party Advisory"],"title":"Security Advisories - OpenDaylight Project","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/73254","name":"73254","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"OpenDaylight OpenFlow Plugin Multiple Security Bypass Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://cloudrouter.org/security/","name":"https://cloudrouter.org/security/","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"https://git.opendaylight.org/gerrit/#/c/16208/","name":"https://git.opendaylight.org/gerrit/#/c/16208/","refsource":"CONFIRM","tags":["Issue Tracking","Patch","Third Party Advisory"],"title":"Gerrit Code Review","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.internetsociety.org/sites/default/files/10_4_2.pdf","name":"http://www.internetsociety.org/sites/default/files/10_4_2.pdf","refsource":"MISC","tags":["Technical Description"],"title":"Page not found | Internet Society","mime":"application/pdf","httpstatus":"404","archivestatus":"200"},{"url":"https://git.opendaylight.org/gerrit/#/c/16193/","name":"https://git.opendaylight.org/gerrit/#/c/16193/","refsource":"CONFIRM","tags":["Issue Tracking","Patch","Third Party Advisory"],"title":"Gerrit Code Review","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-1612","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1612","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"1612","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"opendaylight","cpe5":"openflow","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"opendaylight","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"1612","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"opendaylight","cpe5":"openflow","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"opendaylight","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2015-1612","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka \"LLDP Relay.\""}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://git.opendaylight.org/gerrit/#/c/16208/","refsource":"CONFIRM","url":"https://git.opendaylight.org/gerrit/#/c/16208/"},{"name":"http://www.internetsociety.org/sites/default/files/10_4_2.pdf","refsource":"MISC","url":"http://www.internetsociety.org/sites/default/files/10_4_2.pdf"},{"name":"https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1611_CVE-2015-1612_openflowplugin:_topology_spoofing_via_LLDP","refsource":"CONFIRM","url":"https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1611_CVE-2015-1612_openflowplugin:_topology_spoofing_via_LLDP"},{"name":"73254","refsource":"BID","url":"http://www.securityfocus.com/bid/73254"},{"name":"https://git.opendaylight.org/gerrit/#/c/16193/","refsource":"CONFIRM","url":"https://git.opendaylight.org/gerrit/#/c/16193/"},{"name":"https://cloudrouter.org/security/","refsource":"CONFIRM","url":"https://cloudrouter.org/security/"}]}},"nvd":{"publishedDate":"2017-04-04 17:59:00","lastModifiedDate":"2017-04-11 17:28:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:opendaylight:openflow:-:*:*:*:*:opendaylight:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"1612","Ordinal":"78507","Title":"CVE-2015-1612","CVE":"CVE-2015-1612","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"1612","Ordinal":"1","NoteData":"OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka \"LLDP Relay.\"","Type":"Description","Title":null},{"CveYear":"2015","CveId":"1612","Ordinal":"2","NoteData":"2017-04-04","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"1612","Ordinal":"3","NoteData":"2017-04-04","Type":"Other","Title":"Modified"}]}}}