Opennetworking

Onos

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.6

CVE-2024-53423

  • EPSS 0.04%
  • Veröffentlicht 29.05.2025 00:00:00
  • Zuletzt bearbeitet 03.06.2025 15:36:02

An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted packets.

9.8

CVE-2023-41591

  • EPSS 0.08%
  • Veröffentlicht 29.05.2025 00:00:00
  • Zuletzt bearbeitet 03.06.2025 15:36:09

An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute a man-in-the-middle attack on communications between fake and real hosts.

9.1

CVE-2025-29312

Exploit
  • EPSS 0.15%
  • Veröffentlicht 24.03.2025 00:00:00
  • Zuletzt bearbeitet 01.04.2025 18:52:53

An issue in onos v2.7.0 allows attackers to trigger unexpected behavior within a device connected to a legacy switch via changing the link type from indirect to direct.

7.5

CVE-2025-29311

  • EPSS 0.31%
  • Veröffentlicht 24.03.2025 00:00:00
  • Zuletzt bearbeitet 01.04.2025 19:49:34

Limited secret space in LLDP packets used in onos v2.7.0 allows attackers to obtain the private key via a bruteforce attack. Attackers are able to leverage this vulnerability into creating crafted LLDP packets.

9.8

CVE-2025-29310

  • EPSS 0.09%
  • Veröffentlicht 24.03.2025 00:00:00
  • Zuletzt bearbeitet 01.04.2025 19:51:09

An issue in onos v2.7.0 allows attackers to trigger a packet deserialization problem when supplying a crafted LLDP packet. This vulnerability allows attackers to execute arbitrary commands or access network information.

9.8

CVE-2022-29606

Exploit
  • EPSS 0.14%
  • Veröffentlicht 20.04.2023 13:15:07
  • Zuletzt bearbeitet 05.02.2025 15:15:14

An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is misleading to a network operator. Improper handling of such port numbers causes inconsistency between intent and flow rules in the network.

5.3

CVE-2022-29944

Exploit
  • EPSS 0.07%
  • Veröffentlicht 20.04.2023 13:15:07
  • Zuletzt bearbeitet 05.02.2025 16:15:32

An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of paths installed by intents. An existing intents does not redirect to a new path, even if a new intent that shares the path with higher priority is installed.

5.3

CVE-2022-29609

Exploit
  • EPSS 0.09%
  • Veröffentlicht 20.04.2023 13:15:07
  • Zuletzt bearbeitet 05.02.2025 16:15:32

An issue was discovered in ONOS 2.5.1. An intent with the same source and destination shows the INSTALLING state, indicating that its flow rules are installing. Improper handling of such an intent is misleading to a network operator.

7.5

CVE-2022-29608

Exploit
  • EPSS 0.1%
  • Veröffentlicht 20.04.2023 13:15:07
  • Zuletzt bearbeitet 05.02.2025 16:15:32

An issue was discovered in ONOS 2.5.1. An intent with a port that is an intermediate point of its path installs an invalid flow rule, causing a network loop.

7.5

CVE-2022-29607

Exploit
  • EPSS 0.09%
  • Veröffentlicht 20.04.2023 13:15:07
  • Zuletzt bearbeitet 05.02.2025 15:15:15

An issue was discovered in ONOS 2.5.1. Modification of an existing intent to have the same source and destination shows the INSTALLED state without any flow rule. Improper handling of such an intent is misleading to a network operator.