CVE-2019-16297
https://notcve.org/view.php?id=CVE-2019-16297
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the P4 tutorial application (org.onosproject.p4tutorial), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. • https://www.ndss-symposium.org/wp-content/uploads/2020/02/24080.pdf • CWE-755: Improper Handling of Exceptional Conditions
CVE-2019-1010234
https://notcve.org/view.php?id=CVE-2019-1010234
The Linux Foundation ONOS 1.15.0 and earlier is affected by: Improper Input Validation. The impact is: The attacker can remotely execute any commands by sending a malicious HTTP request to the controller. The component is: Method runJavaCompiler in YangLiveCompilerManager.java. The attack vector is: network connectivity. • https://drive.google.com/file/d/1OkMtrMgjjINsDUQwxpGxjbATB6hiwqyv/view?usp=sharing • CWE-20: Improper Input Validation
CVE-2019-1010245
https://notcve.org/view.php?id=CVE-2019-1010245
The Linux Foundation ONOS SDN Controller 1.15 and earlier versions are affected by: Improper Input Validation. The impact is: A remote attacker can execute arbitrary commands on the controller. The component is: apps/yang/src/main/java/org/onosproject/yang/impl/YangLiveCompilerManager.java. The attack vector is: network connectivity. The fixed version is: 1.15. • https://drive.google.com/open?id=1OkMtrMgjjINsDUQwxpGxjbATB6hiwqyv • https://gerrit.onosproject.org/#/c/20767 • CWE-20: Improper Input Validation • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1010249
https://notcve.org/view.php?id=CVE-2019-1010249
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity. • https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD • https://drive.google.com/open?id=1LxmTXZS-FRJQHAzO2JPgDx5SbLNEJHuJ • CWE-190: Integer Overflow or Wraparound
CVE-2019-1010250
https://notcve.org/view.php?id=CVE-2019-1010250
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity. • https://drive.google.com/open?id=17RsaP67w6M2xquQjFf2vXhX3dlVKMdC1 • https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD • CWE-20: Improper Input Validation