Poor Input-Validation Vulnerability in ONOS by The Linux Foundation
CVE-2019-1010250
4.9MEDIUM
What is CVE-2019-1010250?
The ONOS software, developed by The Linux Foundation, is impacted by a flaw related to poor input validation in its createFlow() and createFlows() functions within the FlowWebResource.java component. This vulnerability can be exploited by a network administrator or an attacker, leading to the inadvertent installation of unintended flow rules in network switches. This presents a significant risk within the domain of network management and connectivity, allowing for potential misconfigurations and unauthorized network control.
Affected Version(s)
ONOS 2.0.0 and earlier