PT-2020-9296 · Onap · Onap Sdc

Published

2020-03-18

Updated

2020-03-20

CVE-2019-12132

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ONAP SDNC versions prior to Dublin

Description An issue was discovered in ONAP SDNC where an unauthenticated attacker can execute an arbitrary command by executing the "sla/dgUpload" endpoint with a crafted filename parameter. All SDC setups that include admportal are affected.

Recommendations For versions prior to Dublin, consider disabling the sla/dgUpload endpoint until a patch is available to prevent exploitation. Restrict access to the admportal module to minimize the risk of exploitation. Avoid using the filename parameter in the affected endpoint until the issue is resolved.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2019-12132

Affected Products

Onap Sdc

PT-2020-9296 · Onap · Onap Sdc

CVE-2019-12132

Weakness Enumeration

Related Identifiers

Affected Products

References · 4