CVE-2018-12691
MEDIUMONOS < 1.13.0 - Network Access Control Bypass via TOCTOU Race Condition in ACL Application
Title source: llmDescription
Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_confirm
https://gerrit.onosproject.org/#/c/18867/
Third Party Advisory x_refsource_confirm
https://wiki.onosproject.org/display/ONOS/Security+advisories
Scores
CVSS v3
6.8
EPSS
0.0070
EPSS Percentile
48.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
Details
CWE
CWE-362
Status
published
Products (1)
onosproject/onos
< 1.13.0
Published
Jul 05, 2018
Tracked Since
Feb 18, 2026