PT-2017-10788 · Linux Foundation · Onos
Johann Vierthaler
+2
·
Publicado
2017-07-13
·
Atualizado
2020-12-07
·
CVE-2017-1000081
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux foundation ONOS version 1.9.0
Description
The issue allows for unauthenticated upload of applications (.oar), resulting in remote code execution.
Recommendations
For Linux foundation ONOS version 1.9.0, consider restricting access to the application upload feature to prevent unauthenticated uploads until a fix is available.
Correção
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Onos