VYPR
Unrated severity · NVD Advisory · Published Feb 6, 2025 · Updated Mar 17, 2025

CVE-2024-57672

Description

An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module, TopologyInstance module, and Routing module.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Floodlight v1.2 has a denial-of-service vulnerability in the Topology Manager, TopologyInstance, and Routing modules allowing a local attacker to manipulate link states.

Vulnerability

The vulnerability in Floodlight v1.2 (floodlight) allows a local attacker connected to a legacy switch in an SDN topology to cause a denial-of-service by manipulating link state transitions. The bug exists in the Topology Manager, TopologyInstance, and Routing modules. An attacker can remove an external link containing a legacy switch from the topology by modifying a packet and sending it multiple times. This affects the controller's ability to maintain accurate topology information, leading to improper forwarding of data streams. [1]

Exploitation

A local attacker must have a host connected to a legacy (non-OpenFlow) switch within the SDN topology. The attacker can craft and repeatedly send modified packets to trigger erroneous link state updates. The reproduction steps involve starting the Floodlight controller, setting up a Mininet topology with legacy switches, and sending specially crafted packets. No authentication is required beyond network access to the legacy switch. [1]

Impact

Successful exploitation results in a denial-of-service condition where host data streams that traverse the affected external link are not forwarded properly. The attack degrades network connectivity and can disrupt SDN operations by corrupting the controller's view of the topology. [1]

Mitigation

As of the available references, no fix has been released for Floodlight v1.2. The vulnerability is reported in the project's issue tracker, and users are advised to monitor the repository for updates. No workaround is currently documented. [1]

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

Root cause

"Missing validation of LLDP packet source addresses allows a malicious host to forge link-layer discovery protocol (LLDP) frames that cause the controller to incorrectly remove a legitimate external link from the topology."

Attack vector

A malicious host connected to a legacy (non-OpenFlow) switch sends forged LLDP packets (ether type 0x8942) with a spoofed source MAC address and crafted payload. The Floodlight controller accepts these packets as legitimate link-state advertisements and, after receiving multiple such packets over approximately 35 seconds, removes the external link that connects the legacy switch to the OpenFlow network [ref_id=1]. This causes a denial of service because data flows that traverse the removed link are no longer forwarded correctly.

Affected code

The issue report [ref_id=1] identifies the Topology Manager module, TopologyInstance module, and Routing module as the affected components. No specific file paths or function names are provided in the bundle. The vulnerability lies in how these modules process incoming LLDP frames and update link-state information without verifying the authenticity of the packets.

What the fix does

No patch is published in the supplied bundle. The issue report [ref_id=1] describes the missing security measures for link state transitions but does not include a fix. The advisory implies that the controller should validate the authenticity of LLDP packets — for example, by verifying that the source MAC address matches the expected switch port — before acting on link-state information. Without such validation, any host on the network can inject forged LLDP frames and disrupt topology discovery.
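As an added illustration of the validation the advisory implies (this is not Floodlight's code; the DPID/port-to-MAC inventory, the sample frames and the detector threshold are constructed assumptions), the following checks each incoming LLDP frame's source MAC against the MAC the controller expects on the ingress port and counts rejected frames per port, so a run of forgeries on one port is flagged instead of silently changing link state:

```python
import struct
from collections import Counter

LLDP_ETHERTYPE = 0x8942  # ether type named in the advisory

# Constructed inventory (hypothetical values): (switch DPID, ingress port) ->
# source MAC the controller expects on discovery frames arriving on that port.
EXPECTED_SRC_MAC = {
    ("00:00:00:00:00:00:00:01", 1): "00:00:00:00:00:11",
    ("00:00:00:00:00:00:00:02", 3): "00:00:00:00:00:22",
}

# Constructed sample frames: Ethernet II header + a minimal TLV-style payload.
# LEGIT carries the expected source MAC; FORGED carries a spoofed one.
LEGIT = bytes.fromhex("0180c200000e" "000000000011" "8942" "0207040000000000110000")
FORGED = bytes.fromhex("0180c200000e" "111111111111" "8942" "0207040000000000110000")
NOT_LLDP = bytes.fromhex("0180c200000e" "000000000011" "0800" "4500")

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_ethernet(frame: bytes):
    """Split a raw Ethernet II frame into (dst, src, ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return mac_str(dst), mac_str(src), ethertype, frame[14:]

def lldp_frame_is_trusted(dpid: str, port: int, frame: bytes) -> bool:
    """True only if the frame is LLDP and its source MAC is the one expected on
    the ingress port; any other frame must not be allowed to update topology."""
    _, src, ethertype, _ = parse_ethernet(frame)
    if ethertype != LLDP_ETHERTYPE:
        return False
    return EXPECTED_SRC_MAC.get((dpid, port)) == src

class ForgedLldpDetector:
    """Count rejected discovery frames per ingress port; repeated mismatches on a
    single port match the pattern the advisory describes and should raise an alert."""
    def __init__(self, threshold: int = 5):  # threshold is a constructed default
        self.threshold = threshold
        self.rejected = Counter()

    def observe(self, dpid: str, port: int, frame: bytes) -> bool:
        """Return True when this port has reached the alert threshold."""
        if lldp_frame_is_trusted(dpid, port, frame):
            return False
        self.rejected[(dpid, port)] += 1
        return self.rejected[(dpid, port)] >= self.threshold
```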

Preconditions

  • network: Attacker must be a host connected to a legacy (non-OpenFlow) switch that is part of the Floodlight-managed SDN topology.
  • input: Attacker must be able to send raw Ethernet frames with ether type 0x8942 (LLDP) and a spoofed source MAC address.

Reproduction

1. Start Floodlight and Mininet with the provided topo.py topology that includes legacy switches (OVSBridge).
2. On the malicious host (h4, connected to legacy switch r2), capture a legitimate LLDP frame using `scapy` and extract the payload bytes.
3. Run poc.py, which sends forged LLDP packets (spoofed source MAC `11:11:11:11:11:11`, ether type `0x8942`, and the captured payload) every 0.8 seconds.
4. After approximately 35 seconds, the external link between the legacy switch and the OpenFlow switch is removed from the topology, disrupting traffic that traverses that link [ref_id=1].

Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 1