CVE-2022-29604

Name of the Vulnerable Software and Affected Versions ONOS version 2.5.1

Description An issue was discovered in ONOS where an intent with an uppercase letter in a device ID shows the CORRUPT state, which is misleading to a network operator. This occurs due to improper handling of case sensitivity, causing inconsistency between intent and flow rules in the network.

Recommendations For ONOS version 2.5.1, consider updating to a newer version that properly handles case sensitivity in device IDs to resolve the issue. As a temporary workaround, ensure that device IDs are entered consistently, either all in uppercase or all in lowercase, to minimize inconsistencies between intent and flow rules.