exploitDog

CVE-2022-24109

Опубликовано: 20 апр. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

An issue was discovered in ONOS 2.5.1. To attack an intent installed by a normal user, a remote attacker can install a duplicate intent with a different key, and then remove the duplicate one. This will remove the flow rules of the intent, even though the intent still exists in the controller.

Ссылки

https://wiki.onosproject.org/display/ONOS/Intent+Framework
Product
https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf
Exploit
Technical Description
Third Party Advisory
https://wiki.onosproject.org/display/ONOS/Intent+Framework
Product
https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf
Exploit
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opennetworking:onos:2.5.1:*:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.00152

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-400

CWE-400

Связанные уязвимости

GHSA-3hc4-p5q8-6mx3

CVSS3: 6.5

github

почти 3 года назад

An issue was discovered in ONOS 2.5.1. To attack an intent installed by a normal user, a remote attacker can install a duplicate intent with a different key, and then remove the duplicate one. This will remove the flow rules of the intent, even though the intent still exists in the controller.

EPSS

Процентиль: 36%

0.00152

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-400

CWE-400