CVE-2019-1010245
CRITICALLinux Foundation ONOS SDN Controller <1.15 - RCE
Title source: llmDescription
The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. The impact is: A remote attacker can execute arbitrary commands on the controller. The component is: apps/yang/src/main/java/org/onosproject/yang/impl/YangLiveCompilerManager.java. The attack vector is: network connectivity. The fixed version is: 1.15.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://drive.google.com/open?id=1OkMtrMgjjINsDUQwxpGxjbATB6hiwqyv
Patch, Third Party Advisory x_refsource_misc
https://gerrit.onosproject.org/#/c/20767/
Scores
CVSS v3
9.8
EPSS
0.0337
EPSS Percentile
87.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
CWE-20
Status
published
Products (1)
linuxfoundation/open_network_operating_system
< 1.15
Published
Jul 19, 2019
Tracked Since
Feb 18, 2026