Description
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity.
References (2)
Core 2
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD
Exploit, Third Party Advisory x_refsource_misc
https://drive.google.com/open?id=17RsaP67w6M2xquQjFf2vXhX3dlVKMdC1
Scores
CVSS v3
4.9
EPSS
0.0018
EPSS Percentile
39.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (1)
linuxfoundation/open_network_operating_system
< 2.0.0
Published
Jul 18, 2019
Tracked Since
Feb 18, 2026