Code Execution Vulnerability in Ethernet VPN Application by Open Network Operating System
CVE-2019-16302

7.5HIGH

Key Information:

Vendor: Linux
Status: Open Network Operating System
Vendor: CVE Published:; 20 February 2020

Summary

A vulnerability exists in the Ethernet VPN application of the Open Network Operating System (ONOS) version 1.14. The host event listener fails to process specific event types such as HOST_MOVED and HOST_UPDATED. This issue could be exploited in conjunction with other applications, potentially leading to unintentional code execution within the network environment. Proper handling of host event notifications is crucial for maintaining the integrity and security of network operations.

References

https://www.ndss-symposium.org/wp-content/uploads/2020/02...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 20, 2020
Vulnerability Reserved
Sep 13, 2019