Lucene search

MitreCVE-2021-38364

HistoryApr 20, 2023 - 1:15 p.m.

CVE-2021-38364

2023-04-2013:15:06

CWE-697

mitre

web.nvd.nist.gov

cve-2021-38364

onos 2.5.1

flow rules

remote attack

intent manipulation

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

AI Score

6.4

Confidence

High

EPSS

0.002

Percentile

57.6%

JSON

An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of flow rules installed by intents. A remote attacker can install or remove a new intent, and consequently modify or delete the existing flow rules related to other intents.

Affected configurations

Nvd

Node

opennetworkingonosMatch2.5.1

VendorProductVersionCPE
opennetworkingonos2.5.1cpe:2.3:a:opennetworking:onos:2.5.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opennetworking	onos	2.5.1	cpe:2.3:a:opennetworking:onos:2.5.1:::::::*

References

opennetworking.org/onos/

www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

AI Score

6.4

Confidence

High

EPSS

0.002

Percentile

57.6%

JSON

Related for CVE-2021-38364