CVE-2019-16298

HIGH

ONOS 1.14 - Info Disclosure

Title source: llm

Description

An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application (org.onosproject.virtualbng), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.

References (1)

[Technical Description, Third Party Advisory] https://www.ndss-symposium.org/wp-content/uploads/2020/02/24080.pdf

Scores

CVSS v3 7.5

EPSS 0.0061

EPSS Percentile 69.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-755

Status published

Affected Products (1)

linuxfoundation/open_network_operating_system

Timeline

Published Feb 20, 2020

Tracked Since Feb 18, 2026