exploitDog

CVE-2019-16298

Опубликовано: 20 фев. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application (org.onosproject.virtualbng), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.

Ссылки

https://www.ndss-symposium.org/wp-content/uploads/2020/02/24080.pdf
Technical Description
Third Party Advisory
https://www.ndss-symposium.org/wp-content/uploads/2020/02/24080.pdf
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:linuxfoundation:open_network_operating_system:1.14.0:-:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00611

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-755

Связанные уязвимости

GHSA-cx85-qpwq-2q82

github

больше 3 лет назад

An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application (org.onosproject.virtualbng), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.

EPSS

Процентиль: 69%

0.00611

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-755