exploitDog

CVE-2022-29604

Опубликовано: 20 апр. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT state, which is misleading to a network operator. Improper handling of case sensitivity causes inconsistency between intent and flow rules in the network.

Ссылки

https://wiki.onosproject.org/display/ONOS/Intent+Framework
Product
https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf
Exploit
Technical Description
Third Party Advisory
https://wiki.onosproject.org/display/ONOS/Intent+Framework
Product
https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf
Exploit
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opennetworking:onos:2.5.1:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00129

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-178

CWE-178

Связанные уязвимости

GHSA-qcc2-c9cp-c24w

CVSS3: 9.8

github

почти 3 года назад

An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT state, which is misleading to a network operator. Improper handling of case sensitivity causes inconsistency between intent and flow rules in the network.

EPSS

Процентиль: 33%

0.00129

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-178

CWE-178