PT-2018-11334 · Open Networking Operating System · Onos

Benjamin E. Ujcich

+2

·

Publicado

2018-07-05

·

Atualizado

2018-09-04

·

CVE-2018-12691

CVSS v3.1

6.8

Média

VetorAV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions ONOS versions prior to 1.14
Description A time-of-check to time-of-use (TOCTOU) race condition exists in the access control application of ONOS, allowing attackers to bypass network access control. This can be achieved via data plane packet injection.
Recommendations For versions prior to 1.14, update to version 1.14 or later to resolve the issue.

Correção

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362

Identificadores relacionados

CVE-2018-12691

Produtos afetados

Onos