Lucene search

[email protected]NVD:CVE-2021-38364

HistoryApr 20, 2023 - 1:15 p.m.

CVE-2021-38364

2023-04-2013:15:06

CWE-697

[email protected]

web.nvd.nist.gov

vulnerability

onos

flow rules

comparison

remote attacker

intent modification

intent deletion

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

EPSS

0.002

Percentile

57.6%

JSON

An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of flow rules installed by intents. A remote attacker can install or remove a new intent, and consequently modify or delete the existing flow rules related to other intents.

Affected configurations

Nvd

Node

opennetworkingonosMatch2.5.1

VendorProductVersionCPE
opennetworkingonos2.5.1cpe:2.3:a:opennetworking:onos:2.5.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opennetworking	onos	2.5.1	cpe:2.3:a:opennetworking:onos:2.5.1:::::::*

References

opennetworking.org/onos/

www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

EPSS

0.002

Percentile

57.6%

JSON

Related for NVD:CVE-2021-38364

prion1 cvelist1 cve1 osv1