PT-2019-11529 · Open Networking Operating System · Onos

Publicado

2019-07-18

Atualizado

2019-07-29

CVE-2019-1010252

CVSS v2.0

5.5

Média

Vetor

AV:N/AC:L/Au:S/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions: ONOS versions 2.0.0 and earlier

Description: The issue is related to poor input validation, which can lead to unintended flow rules being installed in the switch. This can occur through the applyFlowRules() and apply() functions in FlowRuleManager.java. The attack vector is network management and connectivity.

Recommendations: For ONOS versions 2.0.0 and earlier, consider restricting access to the applyFlowRules() and apply() functions in FlowRuleManager.java to minimize the risk of exploitation. As a temporary workaround, limit the installation of flow rules to authorized personnel only. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2019-1010252

Produtos afetados

Onos

PT-2019-11529 · Open Networking Operating System · Onos

CVE-2019-1010252

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4