CVE-2024-57672

5.5 MEDIUM

📋 TL;DR

A local denial-of-service vulnerability in Floodlight v1.2 allows attackers with local access to crash the controller via the Topology Manager, TopologyInstance, and Routing modules. This affects organizations running vulnerable Floodlight SDN controllers. The vulnerability requires local access to the controller system.

💻 Affected Systems

Products:
  • Floodlight SDN Controller
Versions: v1.2
Operating Systems: All platforms running Floodlight
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Floodlight v1.2. Requires local access to controller host.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete controller crash leading to network control plane failure, disrupting all SDN-managed network operations until manual restart.

🟠 Likely Case: Controller instability requiring restart, causing temporary network management disruption.

🟢 If Mitigated: Minimal impact if proper network segmentation and access controls prevent local attacker access.

🌐 Internet-Facing: LOW - Requires local access to controller system, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local attackers on controller host can cause service disruption.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Local access required. No public exploit code identified in references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check GitHub issue for latest fix

Vendor Advisory: https://github.com/floodlight/floodlight/issues/871

Restart Required: Yes

Instructions:

1. Check GitHub issue #871 for fix details.
2. Update to the patched version.
3. Restart the Floodlight controller.

🔧 Temporary Workarounds

Restrict Local Access (Platforms: all)

Limit local user access to the Floodlight controller host to authorized administrators only.

  • Implement strict user access controls
  • Use sudo restrictions
  • Apply the principle of least privilege

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized local access to controller host
  • Monitor controller logs for crash/restart events and implement automated alerting

🔍 How to Verify

Check if Vulnerable:

Check the Floodlight version: grep the version field in floodlight.properties, or check the startup logs.

Check Version:

grep 'floodlight.version' floodlight.properties

Verify Fix Applied:

Verify that the installed version is later than v1.2 and monitor the controller for stability.

📡 Detection & Monitoring

Log Indicators:

  • Controller crash logs
  • Unexpected restarts
  • Topology/Routing module failure messages

Network Indicators:

  • Loss of SDN controller connectivity
  • Network control plane disruptions

SIEM Query:

source="floodlight.log" AND ("crash" OR "restart" OR "topology" OR "routing")
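The log indicators above (module failure messages, crash lines, unexpected restarts) can be checked offline rather than only through a SIEM keyword query. The script below is an added example, not code from this page or from the Floodlight project: it parses a small set of constructed log lines whose "timestamp LEVEL [logger] message" layout is an assumption loosely modelled on Java-style logging, flags ERROR/FATAL entries from the topology and routing loggers, flags fatal/uncaught-exception lines as crashes, and flags a second controller start as a restart, noting when it follows a crash within a short window.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log lines (not real Floodlight output). The layout
# "timestamp LEVEL [logger] message" is an assumption for this example.
SAMPLE_LOG = """\
2024-05-01T10:00:01 INFO  [n.f.core.Main] Starting Floodlight v1.2
2024-05-01T10:00:02 INFO  [n.f.topology.TopologyManager] Topology computation complete
2024-05-01T10:05:17 ERROR [n.f.topology.TopologyInstance] Exception during topology update
2024-05-01T10:05:17 ERROR [n.f.routing.RoutingManager] Route computation failed
2024-05-01T10:05:18 FATAL [n.f.core.Main] Controller exiting due to uncaught exception
2024-05-01T10:06:30 INFO  [n.f.core.Main] Starting Floodlight v1.2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<level>[A-Z]+)\s+\[(?P<logger>[^\]]+)\]\s+(?P<msg>.*)$"
)
# Logger name fragments for the modules named in the advisory.
WATCHED_MODULES = ("topology", "routing")
# A start this soon after a crash is treated as a crash-induced restart.
RESTART_WINDOW = timedelta(minutes=5)


@dataclass
class Finding:
    kind: str          # "module_failure", "crash" or "restart"
    ts: datetime
    detail: str


def parse_line(line):
    """Return a dict with ts/level/logger/msg, or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "level": m["level"],
        "logger": m["logger"],
        "msg": m["msg"],
    }


def analyze(log_text):
    """Scan log text and return the indicator findings in log order."""
    findings = []
    last_start = None   # timestamp of the most recent controller start
    last_crash = None   # timestamp of the most recent crash line
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        logger = rec["logger"].lower()
        # Error-level output from the topology or routing modules.
        if rec["level"] in ("ERROR", "FATAL") and any(m in logger for m in WATCHED_MODULES):
            findings.append(Finding("module_failure", rec["ts"], f'{rec["logger"]}: {rec["msg"]}'))
        # Fatal exits or uncaught exceptions count as a crash.
        if rec["level"] == "FATAL" or "uncaught exception" in rec["msg"].lower():
            findings.append(Finding("crash", rec["ts"], rec["msg"]))
            last_crash = rec["ts"]
        # A second start line means the process came up again.
        if rec["msg"].startswith("Starting Floodlight"):
            if last_start is not None:
                gap = rec["ts"] - last_start
                after_crash = last_crash is not None and rec["ts"] - last_crash <= RESTART_WINDOW
                note = " (following crash)" if after_crash else ""
                findings.append(Finding("restart", rec["ts"], f"restart {gap} after previous start{note}"))
            last_start = rec["ts"]
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {'module_failure': 2, 'crash': 1, 'restart': 1}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.ts.isoformat()} {f.kind:15} {f.detail}")
    print(summarize(analyze(SAMPLE_LOG)))
```

A restart that follows a crash within the window is the pattern worth alerting on; an isolated start line is usually a planned restart. Adjust the regex and the start-line text to match the logging layout actually configured on your controller.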

🔗 References
