CVE-2022-45931 is a high-severity SQL injection vulnerability identified in the AAA (Authentication, Authorization, and Accounting) component of OpenDaylight (ODL) versions prior to 0.16.5. OpenDaylight is an open-source platform widely used for software-defined networking (SDN) and network function virtualization (NFV). The vulnerability resides specifically in the deleteUser function within the UserStore.java file of the aaa-idm-store-h2 module, which interacts with the H2 database. The affected API endpoint is /auth/v1/users/, which is used for user management operations. The flaw allows an unauthenticated attacker to inject malicious SQL commands via crafted input to the API, exploiting improper input sanitization. This can lead to unauthorized modification of user data, specifically the deletion or alteration of user records, compromising the integrity of the authentication datastore. The CVSS 3.1 base score is 7.5, reflecting a high impact on integrity with no impact on confidentiality or availability, no privileges required, no user interaction needed, and network attack vector. Although no known exploits are reported in the wild, the vulnerability’s nature and ease of exploitation make it a significant risk for affected deployments. Since OpenDaylight is a critical component in many network infrastructures, exploitation could disrupt network management and control functions, potentially cascading into broader operational issues.

For European organizations, especially those relying on OpenDaylight for SDN and NFV deployments in telecom, data centers, and large enterprise networks, this vulnerability poses a serious risk. Exploitation could allow attackers to manipulate user accounts within the AAA system, potentially leading to unauthorized access or denial of legitimate administrative actions. This undermines the integrity of network control systems, possibly resulting in misconfigurations, unauthorized network changes, or loss of administrative control. Given the central role of OpenDaylight in managing network flows and policies, such disruptions could impact service availability indirectly, affect compliance with data protection regulations, and damage organizational reputation. Critical infrastructure operators, telecom providers, and cloud service providers in Europe are particularly at risk due to their reliance on SDN technologies. The lack of required authentication and user interaction increases the attack surface, making remote exploitation feasible by threat actors.

Organizations should prioritize upgrading OpenDaylight to version 0.16.5 or later where this vulnerability is patched. In environments where immediate patching is not feasible, network-level controls should be implemented to restrict access to the /auth/v1/users/ API endpoint, limiting it to trusted management networks and authenticated users only. Deploying Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting this endpoint can provide additional protection. Regular auditing of user account changes and monitoring API access logs for anomalous activity is recommended to detect potential exploitation attempts. Network segmentation should be enforced to isolate SDN controllers from general user networks. Additionally, employing runtime application self-protection (RASP) tools or database activity monitoring can help detect and prevent malicious SQL queries. Finally, organizations should review and tighten input validation mechanisms in custom integrations with OpenDaylight to reduce injection risks.