CVE-2019-1010249

4.9MEDIUM

Key Information:

Vendor: Linux
Status: Onos
Vendor: CVE Published:; 18 July 2019

Summary

The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity.

Affected Version(s)

ONOS 2.0.0 and earlier

References

https://drive.google.com/open?id=1LxmTXZS-FRJQHAzO2JPgDx5...

x_refsource_MISC

https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6eg...

x_refsource_MISC

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 18, 2019
Vulnerability Reserved
Mar 20, 2019