Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Opennetworking Subscribe
Filtered by product Onos
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-24279 1 Opennetworking 1 Onos 2023-03-22 N/A 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.
CVE-2019-11189 1 Opennetworking 1 Onos 2020-02-28 5.0 MEDIUM 7.5 HIGH
Authentication Bypass by Spoofing in org.onosproject.acl (access control) and org.onosproject.mobility (host mobility) in ONOS v2.0 and earlier allows attackers to bypass network access control via data plane packet injection. To exploit the vulnerability, an attacker sends a gratuitous ARP reply that causes the host mobility application to remove existing access control flow denial rules in the network. The access control application does not re-install flow deny rules, so the attacker can bypass the intended access control policy.
CVE-2018-1999020 1 Opennetworking 1 Onos 2018-09-20 5.8 MEDIUM 5.5 MEDIUM
Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier version contains a Directory Traversal vulnerability in core/common/src/main/java/org/onosproject/common/app/ApplicationArchive.java line 35 that can result in arbitrary file deletion (overwrite). This attack appear to be exploitable via a specially crafted zip file should be uploaded.