Open Networking Operating System · Onos · CVE-2018-12691
**Name of the Vulnerable Software and Affected Versions**
ONOS versions prior to 1.14
**Description**
A time-of-check to time-of-use (TOCTOU) race condition exists in the access control application of ONOS, allowing attackers to bypass network access control. This can be achieved via data plane packet injection.
**Recommendations**
For versions prior to 1.14, update to version 1.14 or later to resolve the issue.