CVE-2024-37018

9.1 CRITICAL

📋 TL;DR

CVE-2024-37018 is a topology poisoning vulnerability in OpenDaylight SDN controllers that allows malicious applications to manipulate network discovery packet paths, potentially enabling man-in-the-middle attacks or network disruption. This affects organizations using OpenDaylight 0.15.3 for software-defined networking.

💻 Affected Systems

Products:
  • OpenDaylight SDN Controller
Versions: 0.15.3 specifically (based on CVE description)
Operating Systems: All platforms running OpenDaylight
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the discovery mechanism API that allows path manipulation of discovery packets.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete network topology manipulation allowing traffic interception, redirection, or denial of service across the entire SDN-controlled network infrastructure.

🟠 Likely Case

Localized network disruption, traffic manipulation within specific segments, or unauthorized network topology changes affecting routing decisions.

🟢 If Mitigated

Limited impact if proper network segmentation, API access controls, and monitoring are implemented to detect anomalous topology changes.

🌐 Internet-Facing: MEDIUM - While the API may be exposed, exploitation typically requires application-level access rather than direct internet-facing attack vectors.
🏢 Internal Only: HIGH - This vulnerability primarily affects internal SDN controllers where malicious applications or compromised internal systems can exploit the API.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires API access to manipulate discovery packets. Public research (marionette_odl) demonstrates exploitation techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in provided references

Vendor Advisory: https://jira.opendaylight.org/browse/DISCOVERY-2

Restart Required: Yes

Instructions:

  1. Monitor OpenDaylight security advisories for patches.
  2. If a patch becomes available, back up the configuration.
  3. Apply the patch following vendor instructions.
  4. Restart OpenDaylight services.
  5. Verify topology functionality.

🔧 Temporary Workarounds

Restrict API Access (Linux)

Limit access to OpenDaylight API endpoints to trusted applications only using network controls or API gateways.

# Configure firewall rules to restrict API access (port 8181 is the API port named on this page).
# Replace trusted_ip_range with your own trusted CIDR, e.g. 10.0.0.0/24.
# Order matters: the ACCEPT rule must precede the DROP rule in the INPUT chain.
# These rules are not persistent across reboots unless saved (e.g. with iptables-save).
iptables -A INPUT -p tcp --dport 8181 -s trusted_ip_range -j ACCEPT
iptables -A INPUT -p tcp --dport 8181 -j DROP

Disable Unnecessary Discovery Features (all platforms)

If topology discovery features are not required, disable or restrict them in the OpenDaylight configuration.

# Edit the OpenDaylight configuration to limit discovery functionality.
# Refer to the OpenDaylight documentation for the specific configuration parameters.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate OpenDaylight controllers from untrusted networks
  • Deploy API security gateways with rate limiting and anomaly detection for OpenDaylight API endpoints

🔍 How to Verify

Check if Vulnerable:

Check the OpenDaylight version with grep -i version /path/to/opendaylight/logs/*.log, or check the Maven dependencies for org.opendaylight.controller version 0.15.3.

Check Version:

find / -name "*opendaylight*" -type f -exec grep -l "0.15.3" {} \; 2>/dev/null

Verify Fix Applied:

After applying mitigations, test that unauthorized applications cannot manipulate topology discovery paths via API requests.

📡 Detection & Monitoring

Log Indicators:

  • Unusual topology change events in OpenDaylight logs
  • Multiple API requests to discovery endpoints from unauthorized sources
  • Abnormal network path modifications

Network Indicators:

  • Unexpected changes in network topology tables
  • Anomalous discovery packet patterns
  • Unauthorized API traffic to OpenDaylight controller

SIEM Query:

source="opendaylight*" AND ("topology change" OR "discovery" OR "path manipulation") AND severity>=WARNING
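The log indicators above (unusual topology change events, abnormal path modifications) can be checked offline against controller logs. The following script is an added example, not code from this page, from OpenDaylight, or from the marionette_odl research; it assumes a Karaf-style "timestamp | level | thread | logger | message" log layout, assumes topology events are logged as "Link added/removed: A -> B", and uses a constructed expected-adjacency inventory. It flags two patterns a defender would expect from topology poisoning: a link that flaps (repeated add/remove within a short window) and a discovered link between ports that the cabling inventory says are not physically connected.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines in a Karaf-style "timestamp | level | thread | logger | message"
# layout. The layout and the "Link added/removed" wording are assumptions of this example,
# not OpenDaylight's actual output; adjust LINE_RE / LINK_RE to your deployment's log format.
SAMPLE_LOG = """\
2024-06-01T10:00:00,100 | INFO | topology-1 | TopologyExporter | Link added: openflow:1:1 -> openflow:2:1
2024-06-01T10:00:00,400 | INFO | topology-1 | TopologyExporter | Link removed: openflow:1:1 -> openflow:2:1
2024-06-01T10:00:00,700 | INFO | topology-1 | TopologyExporter | Link added: openflow:1:1 -> openflow:2:1
2024-06-01T10:00:01,000 | INFO | topology-1 | TopologyExporter | Link removed: openflow:1:1 -> openflow:2:1
2024-06-01T10:00:01,300 | INFO | topology-1 | TopologyExporter | Link added: openflow:1:1 -> openflow:2:1
2024-06-01T10:00:02,000 | INFO | topology-1 | TopologyExporter | Link added: openflow:1:2 -> openflow:7:3
2024-06-01T10:05:00,000 | INFO | topology-1 | TopologyExporter | Link added: openflow:2:2 -> openflow:3:1
2024-06-01T10:05:00,500 | INFO | topology-1 | TopologyExporter | Link removed: openflow:2:2 -> openflow:3:1
2024-06-01T10:30:00,000 | WARN | qtp-4 | RestconfLogger | some unrelated warning
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}),(?P<ms>\d{3})"
    r"\s*\|\s*(?P<level>\w+)\s*\|\s*(?P<thread>[^|]+?)\s*\|\s*(?P<logger>[^|]+?)\s*\|\s*(?P<msg>.*)$"
)
LINK_RE = re.compile(r"Link (?P<action>added|removed): (?P<src>\S+) -> (?P<dst>\S+)")

# Constructed "known physical adjacency" allowlist: the links the operator expects from an
# assumed cabling inventory. Links are stored as unordered endpoint pairs.
EXPECTED_LINKS = {
    frozenset({"openflow:1:1", "openflow:2:1"}),
    frozenset({"openflow:2:2", "openflow:3:1"}),
}


def link_name(link):
    """Stable, human-readable name for an unordered link."""
    return " <-> ".join(sorted(link))


def parse_events(text):
    """Return topology link events as dicts with ts (datetime), action and link (frozenset)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        lm = LINK_RE.search(m.group("msg"))
        if not lm:
            continue  # not a topology event (other loggers, unrelated messages)
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S").replace(
            microsecond=int(m.group("ms")) * 1000
        )
        events.append({
            "ts": ts,
            "action": lm.group("action"),
            "link": frozenset({lm.group("src"), lm.group("dst")}),
        })
    return events


def find_flapping_links(events, window_s=60, min_transitions=4):
    """Links with >= min_transitions add/remove events inside a sliding window of window_s seconds.

    Returns {link_name: peak number of transitions seen inside one window}.
    """
    per_link = defaultdict(deque)
    flapping = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = per_link[ev["link"]]
        q.append(ev["ts"])
        # drop timestamps that have fallen out of the window
        while (ev["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= min_transitions:
            name = link_name(ev["link"])
            flapping[name] = max(flapping.get(name, 0), len(q))
    return flapping


def find_unexpected_links(events, expected_links=EXPECTED_LINKS):
    """Links that were 'added' but do not appear in the operator's expected-adjacency inventory."""
    return sorted({
        link_name(ev["link"])
        for ev in events
        if ev["action"] == "added" and ev["link"] not in expected_links
    })


def analyze(text, expected_links=EXPECTED_LINKS):
    """Run both checks over raw log text and return a JSON-serialisable summary."""
    events = parse_events(text)
    return {
        "event_count": len(events),
        "flapping": find_flapping_links(events),
        "unexpected": find_unexpected_links(events, expected_links),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(analyze(SAMPLE_LOG), indent=2))
```

The flapping threshold and window are deliberately parameters: on a busy fabric with legitimate maintenance, raise them to what a baseline week shows; the unexpected-link check only works if the inventory is maintained independently of the controller's own topology data store, since a poisoned controller cannot be its own reference.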
