Details of VAR-202109-0070

ID

VAR-202109-0070

CVE

CVE-2020-18684

TITLE

Floodlight integer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2021-77610

DESCRIPTION

Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number. Floodlight is an open source OpenFlow controller. No detailed vulnerability details are currently provided

Trust: 1.53

sources: NVD: CVE-2020-18684 // CNVD: CNVD-2021-77610 // VULMON: CVE-2020-18684

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-77610

AFFECTED PRODUCTS

vendor:	atlassian	model:	floodlight	scope:	lte	version:	1.2	Trust: 1.0
vendor:	floodlight	model:	floodlight	scope:	eq	version:	1.2	Trust: 0.6

sources: CNVD: CNVD-2021-77610 // NVD: CVE-2020-18684

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-18684
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2021-77610
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202109-1953
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2020-18684
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2021-77610
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-18684
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-77610 // CNNVD: CNNVD-202109-1953 // NVD: CVE-2020-18684

PROBLEMTYPE DATA

problemtype:

CWE-190

Trust: 1.0

sources: NVD: CVE-2020-18684

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-1953

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202109-1953

EXTERNAL IDS

db:	NVD	id:	CVE-2020-18684	Trust: 2.3
db:	CNVD	id:	CNVD-2021-77610	Trust: 0.6
db:	CNNVD	id:	CNNVD-202109-1953	Trust: 0.6
db:	VULMON	id:	CVE-2020-18684	Trust: 0.1

sources: CNVD: CNVD-2021-77610 // VULMON: CVE-2020-18684 // CNNVD: CNNVD-202109-1953 // NVD: CVE-2020-18684

REFERENCES

url:	https://drive.google.com/open?id=1310ms7djrff0n2ymmzvts8x5ojuhqvx5	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-18684	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-77610 // VULMON: CVE-2020-18684 // CNNVD: CNNVD-202109-1953 // NVD: CVE-2020-18684

SOURCES

db:	CNVD	id:	CNVD-2021-77610
db:	VULMON	id:	CVE-2020-18684
db:	CNNVD	id:	CNNVD-202109-1953
db:	NVD	id:	CVE-2020-18684

LAST UPDATE DATE

2024-08-14T14:50:11.483000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-77610	date:	2021-10-16T00:00:00
db:	VULMON	id:	CVE-2020-18684	date:	2021-09-30T00:00:00
db:	CNNVD	id:	CNNVD-202109-1953	date:	2021-10-08T00:00:00
db:	NVD	id:	CVE-2020-18684	date:	2021-10-07T17:17:23.063

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-77610	date:	2021-10-16T00:00:00
db:	VULMON	id:	CVE-2020-18684	date:	2021-09-30T00:00:00
db:	CNNVD	id:	CNNVD-202109-1953	date:	2021-09-30T00:00:00
db:	NVD	id:	CVE-2020-18684	date:	2021-09-30T02:15:06.710