Poor Input-Validation Vulnerability in ONOS by The Linux Foundation
CVE-2019-1010250

4.9MEDIUM

Key Information:

Vendor: Linux
Status: Onos
Vendor: CVE Published:; 18 July 2019

Summary

The ONOS software, developed by The Linux Foundation, is impacted by a flaw related to poor input validation in its createFlow() and createFlows() functions within the FlowWebResource.java component. This vulnerability can be exploited by a network administrator or an attacker, leading to the inadvertent installation of unintended flow rules in network switches. This presents a significant risk within the domain of network management and connectivity, allowing for potential misconfigurations and unauthorized network control.

Affected Version(s)

ONOS 2.0.0 and earlier

References

https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6eg...

x_refsource_MISC

https://drive.google.com/open?id=17RsaP67w6M2xquQjFf2vXhX...

x_refsource_MISC

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 18, 2019
Vulnerability Reserved
Mar 20, 2019