A newly discovered vulnerability, CVE-2024-57672, affects the Floodlight OpenFlow Controller version 1.2 and allows attackers to perform local DoS (Denial of Service) attacks. This long-read post covers the vulnerability's details, the affected code snippet, and how bad actors can potentially exploit it through the Topology Manager, TopologyInstance, and Routing modules. Links to the original references are included for further reading.
According to the CVE-2024-57672 advisory, the issue exists within Floodlight v1.2, a widely used open-source OpenFlow controller that helps manage software-defined networking (SDN) environments. With a CVSS base score of 7.8, it's considered a high-severity vulnerability that needs the attention of IT professionals.
Snippet of Affected Code
The vulnerability lies in Floodlight's core code, specifically the Topology module. Below is a snippet of the affected code:

    public class TopologyManager implements IOFMessageListener, ITopologyService {
        // ...
        // Source switch -> destination switch -> links between the two
        private Map<DatapathId, Map<DatapathId, Set<Link>>> switchLinkMap;
        // ...
        public void addOrUpdateLink(Link lt, LinkInfo newInfo) {
            // ...
            // Chained lookups: neither get() result is null-checked in this excerpt
            switchLinkMap.get(lt.getSrc()).get(lt.getDst()).add(lt);
            // ...
        }
    }
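The chained lookup in the excerpt, next to a guarded form, as an added example that is not Floodlight code and not the project's fix. The page does not state the root cause, so this only shows how that line behaves when a map entry is missing; `LinkMapDemo`, the simplified `Link` record, the `long` switch IDs and the `knownSwitches` set are hypothetical stand-ins, and the code assumes Java 16 or later.

```java
import java.util.*;

// Added illustration, not Floodlight source. Link and the long switch IDs are
// simplified stand-ins for Floodlight's Link and DatapathId types.
public class LinkMapDemo {
    record Link(long src, long dst) {}

    private final Map<Long, Map<Long, Set<Link>>> switchLinkMap = new HashMap<>();
    // Assumption: the controller can tell which switch IDs are connected.
    private final Set<Long> knownSwitches = new HashSet<>();

    // Same access pattern as the excerpt: throws NullPointerException
    // when either map level has no entry for the link's endpoints.
    void addLinkUnchecked(Link lt) {
        switchLinkMap.get(lt.src()).get(lt.dst()).add(lt);
    }

    // Guarded variant: ignore links whose endpoints are not connected switches,
    // then create missing map levels instead of dereferencing null.
    boolean addLinkChecked(Link lt) {
        if (!knownSwitches.contains(lt.src()) || !knownSwitches.contains(lt.dst())) {
            return false; // endpoint is not a connected switch
        }
        return switchLinkMap
                .computeIfAbsent(lt.src(), k -> new HashMap<>())
                .computeIfAbsent(lt.dst(), k -> new HashSet<>())
                .add(lt); // false when the link is already recorded
    }

    public static void main(String[] args) {
        LinkMapDemo topo = new LinkMapDemo();
        topo.knownSwitches.addAll(List.of(1L, 2L));

        Link valid = new Link(1L, 2L);    // constructed sample: both switches known
        Link unknown = new Link(1L, 99L); // constructed sample: switch 99 never connected

        try {
            topo.addLinkUnchecked(valid);
        } catch (NullPointerException e) {
            System.out.println("unchecked: NullPointerException on missing map entry");
        }
        System.out.println("checked, known switches: " + topo.addLinkChecked(valid));
        System.out.println("checked, unknown switch: " + topo.addLinkChecked(unknown));
        System.out.println("checked, repeated link:  " + topo.addLinkChecked(valid));
    }
}
```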
Exploit Details
An attacker can craft LLDP (Link Layer Discovery Protocol) packets that manipulate the Topology Manager, TopologyInstance, and Routing modules. This interferes with the routing of network traffic and causes a denial of service in the target Floodlight-controlled environment.
Floodlight controller's Topology Manager processes the LLDP packets.
5. The bug gets triggered, causing the Floodlight-controlled environment to cease functioning correctly.
Please note that this specific vulnerability is only exploitable if the attacker has local access to the network. Consequently, remote attacks are not viable in this case.
For further details, please check out these original references:
1. Official CVE-2024-57672 advisory: Link
2. Floodlight GitHub repository: Link
3. Floodlight v1.2 release notes: Link
Conclusion
CVE-2024-57672 is a high-severity vulnerability that affects Floodlight v1.2. While the exploit is local and requires access to the network, it can still cause significant disruption through denial of service. To protect their Floodlight-controlled environment, admins should follow developments about this vulnerability and apply the necessary patches as soon as they become available. Staying up to date with the latest security updates will help secure SDN environments and reduce the potential impact of this issue.
Timeline
Published on: 02/06/2025 20:15:40 UTC
Last modified on: 03/17/2025 17:15:35 UTC