CVE-2019-16300

Name of the Vulnerable Software and Affected Versions Open Network Operating System (ONOS) version 1.14

Description An issue in the access control application (org.onosproject.acl) of Open Network Operating System (ONOS) causes the host event listener to not handle the HOST REMOVED event type. This could lead to the absence of intended code execution when combined with other applications.

Recommendations For Open Network Operating System (ONOS) version 1.14, consider disabling the host event listener in the access control application as a temporary workaround until a patch is available. Restrict access to the org.onosproject.acl module to minimize the risk of exploitation. Avoid using the HOST REMOVED event type in the affected application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.