CVE-2018-12691

2018-07-0518:00:00

mitre

www.cve.org

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

40.2%

JSON

Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection.

References

gerrit.onosproject.org/#/c/18867/

wiki.onosproject.org/display/ONOS/Security+advisories