PT-2024-33235 · Open Networking Foundation · Onos-A1T+1
Bergen876
·
Published
2024-11-04
·
Updated
2024-11-06
·
CVE-2024-48809
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Open Networking Foundations sdran-in-a-box version 1.4.3
Open Networking Foundations onos-a1t version 0.2.3
Description
A denial of service issue allows a remote attacker to cause a disruption in service via the
DeleteWatcher function in the onos-a1t component of the sdran-in-a-box.Recommendations
For Open Networking Foundations sdran-in-a-box version 1.4.3, consider disabling the
DeleteWatcher function in the onos-a1t component as a temporary workaround until a patch is available.
For Open Networking Foundations onos-a1t version 0.2.3, restrict access to the onos-a1t component to minimize the risk of exploitation until a fix is applied.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Onos-A1T
Sdran-In-A-Box