CVE-2018-1999020
MEDIUM
ONOS < 1.13.2 - Path Traversal and Arbitrary File Deletion via Crafted Zip Upload
Open Networking Foundation (ONF) ONOS versions 1.13.2 and earlier contain a Directory Traversal vulnerability in core/common/src/main/java/org/onosproject/common/app/ApplicationArchive.java line 35 that can result in arbitrary file deletion (overwrite). This attack appears to be exploitable via upload of a specially crafted zip file.
References (2)
Core References
http://gms.cl0udz.com/ONOS_app_overwrite.pdf (Exploit, Mailing List, Third Party Advisory; x_refsource_misc)
https://gerrit.onosproject.org/#/c/19043/ (Patch, Vendor Advisory; x_refsource_confirm)
Scores
CVSS v3: 5.5
EPSS: 0.0128
EPSS Percentile: 66.5%
Attack Vector: LOCAL
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE: CWE-22
Status: published
Products (1): opennetworking/onos < 1.13.2
Published: Jul 23, 2018
Tracked Since: Feb 18, 2026