CVE-2021-38364

Name of the Vulnerable Software and Affected Versions ONOS version 2.5.1

Description An issue was discovered in ONOS where there is an incorrect comparison of flow rules installed by intents. A remote attacker can install or remove a new intent, and consequently modify or delete the existing flow rules related to other intents.

Recommendations For ONOS version 2.5.1, consider restricting access to intent installation and removal functionality to minimize the risk of exploitation until a patch is available. As a temporary workaround, monitor flow rules closely for any unauthorized modifications. At the moment, there is no information about a newer version that contains a fix for this vulnerability.