PT-2020-9279 · Onap · Onap Operations Manager+1
Published
2020-03-18
·
Updated
2021-07-21
·
CVE-2019-12115
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ONAP SDC versions through Dublin
ONAP Operations Manager (OOM) (affected versions not specified)
Description
An issue was discovered in ONAP SDC, allowing an unauthenticated attacker with access to pod-to-pod communication to execute arbitrary code inside the demo-sdc-sdc-be pod by accessing port 4000. All ONAP Operations Manager (OOM) setups are affected.
Recommendations
For ONAP SDC versions through Dublin, consider restricting access to port 4000 of the demo-sdc-sdc-be pod to minimize the risk of exploitation.
For ONAP Operations Manager (OOM), at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Onap Operations Manager
Onap Sdc