CVE-2019-16302

HIGH

Open Network Operating System 1.14 - Improper Handling of Exceptional Conditions in Ethernet VPN Host Event Listener

Title source: llm
STIX 2.1

Description

An issue was discovered in Open Network Operating System (ONOS) 1.14. In the Ethernet VPN application (org.onosproject.evpnopenflow), the host event listener does not handle the following event types: HOST_MOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.

References (1)

Core 1
Core References
Technical Description, Third Party Advisory x_refsource_misc
https://www.ndss-symposium.org/wp-content/uploads/2020/02/24080.pdf

Scores

CVSS v3 7.5
EPSS 0.0061
EPSS Percentile 70.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-755
Status published
Products (1)
linuxfoundation/open_network_operating_system 1.14.0
Published Feb 20, 2020
Tracked Since Feb 18, 2026