CVE-2019-1010249 - OpenCVE

The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linuxfoundation	Open Network Operating System

Configuration 1 [-]

cpe:2.3:o:linuxfoundation:open_network_operating_system:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD
https://drive.google.com/open?id=1LxmTXZS-FRJQHAzO2JPgDx5SbLNEJHuJ

History

No history.

MITRE

Status: PUBLISHED

Assigner: dwf

Published: 2019-07-18T17:53:37

Updated: 2024-08-05T03:07:18.432Z

Reserved: 2019-03-20T00:00:00

Link: CVE-2019-1010249

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-07-18T18:15:12.137

Modified: 2019-07-24T15:51:21.080

Link: CVE-2019-1010249

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "ONOS", "vendor": "The Linux Foundation", "versions": [{"status": "affected", "version": "2.0.0 and earlier"}]}], "descriptions": [{"lang": "en", "value": "The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity."}], "problemTypes": [{"descriptions": [{"description": "Integer Overflow", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-18T17:53:37", "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "shortName": "dwf"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://drive.google.com/open?id=1LxmTXZS-FRJQHAzO2JPgDx5SbLNEJHuJ"}, {"tags": ["x_refsource_MISC"], "url": "https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010249", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ONOS", "version": {"version_data": [{"version_value": "2.0.0 and earlier"}]}}]}, "vendor_name": "The Linux Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Integer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://drive.google.com/open?id=1LxmTXZS-FRJQHAzO2JPgDx5SbLNEJHuJ", "refsource": "MISC", "url": "https://drive.google.com/open?id=1LxmTXZS-FRJQHAzO2JPgDx5SbLNEJHuJ"}, {"name": "https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD", "refsource": "MISC", "url": "https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:07:18.432Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://drive.google.com/open?id=1LxmTXZS-FRJQHAzO2JPgDx5SbLNEJHuJ"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD"}]}]}, "cveMetadata": {"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "assignerShortName": "dwf", "cveId": "CVE-2019-1010249", "datePublished": "2019-07-18T17:53:37", "dateReserved": "2019-03-20T00:00:00", "dateUpdated": "2024-08-05T03:07:18.432Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linuxfoundation:open_network_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "73E29574-B56D-42AC-A137-6E25EFFCD2CD", "versionEndIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity."}, {"lang": "es", "value": "Linux Foundation ONOS versi\u00f3n 2.0.0 y versiones anteriores se ven afectadas por: Desbordamiento de entero. El impacto es: un administrador de red (o atacante) puede instalar reglas de flujo involuntarias en el conmutador por error\nEl componente es: las funciones createFlow() y createFlows() functions en FlowWebResource.java (RESTful service). l vector de ataque es: gesti\u00f3n de red y conectividad."}], "id": "CVE-2019-1010249", "lastModified": "2019-07-24T15:51:21.080", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-18T18:15:12.137", "references": [{"source": "josh@bress.net", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD"}, {"source": "josh@bress.net", "tags": ["Exploit", "Third Party Advisory"], "url": "https://drive.google.com/open?id=1LxmTXZS-FRJQHAzO2JPgDx5SbLNEJHuJ"}], "sourceIdentifier": "josh@bress.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}