The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity.
[
{
"product": "ONOS",
"vendor": "The Linux Foundation",
"versions": [
{
"status": "affected",
"version": "2.0.0 and earlier"
}
]
}
]