CVE-2024-46942

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Sep 15, 2024
Updated: Sep 17, 2024

Summary

CVE-2024-46942 is a critical vulnerability affecting the OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) up to version 13.0.1, in which a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment. This flaw poses significant risks to organizations, as it could lead to unauthorized changes in network flow configurations, resulting in high integrity and confidentiality impacts. The vulnerability has an exploitability score of 3.9, indicating low attack complexity, with no privileges or user interaction required for exploitation. To mitigate this risk, organizations should upgrade to the latest version of OpenDaylight MD-SAL, following the guidance detailed in the release notes. Failure to address this vulnerability may expose networks to potential manipulation and unauthorized access by malicious actors.
