CVE-2019-16302

Name of the Vulnerable Software and Affected Versions Open Network Operating System (ONOS) version 1.14

Description An issue was discovered in the Ethernet VPN application, specifically in the host event listener, which does not handle the event types HOST MOVED and HOST UPDATED. This could lead to the absence of intended code execution when combined with other applications.

Recommendations For Open Network Operating System (ONOS) version 1.14, consider modifying the host event listener in the Ethernet VPN application to handle the HOST MOVED and HOST UPDATED event types until a patch is available. As a temporary workaround, restrict the use of the Ethernet VPN application in combination with other applications to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.