Improper Input Validation in ONOS by The Linux Foundation
CVE-2019-1010234

9.8CRITICAL

Key Information:

Vendor: Linux
Status: Onos
Vendor: CVE Published:; 22 July 2019

Summary

The ONOS platform, developed by The Linux Foundation, is impacted by a vulnerability that allows attackers to execute arbitrary commands remotely. This arises from improper input validation within the 'runJavaCompiler' method of the 'YangLiveCompilerManager.java' component. By leveraging this vulnerability, an attacker can send crafted HTTP requests to the ONOS controller, potentially gaining the ability to manipulate the system operating environment, leading to unauthorized actions and further exploitation.

Affected Version(s)

ONOS 1.15.0 and ealier

References

https://drive.google.com/file/d/1OkMtrMgjjINsDUQwxpGxjbAT...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 22, 2019
Vulnerability Reserved
Mar 20, 2019