CVE-2019-1010250 - OpenCVE

The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linuxfoundation	Open Network Operating System

Configuration 1 [-]

cpe:2.3:o:linuxfoundation:open_network_operating_system:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://drive.google.com/open?id=17RsaP67w6M2xquQjFf2vXhX3dlVKMdC1
https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD

History

No history.

MITRE

Status: PUBLISHED

Assigner: dwf

Published: 2019-07-18T17:51:49

Updated: 2024-08-05T03:07:18.519Z

Reserved: 2019-03-20T00:00:00

Link: CVE-2019-1010250

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-07-18T18:15:12.217

Modified: 2019-07-25T14:49:29.967

Link: CVE-2019-1010250

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "ONOS", "vendor": "The Linux Foundation", "versions": [{"status": "affected", "version": "2.0.0 and earlier"}]}], "descriptions": [{"lang": "en", "value": "The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity."}], "problemTypes": [{"descriptions": [{"description": "Poor Input-validation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-18T17:51:49", "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "shortName": "dwf"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD"}, {"tags": ["x_refsource_MISC"], "url": "https://drive.google.com/open?id=17RsaP67w6M2xquQjFf2vXhX3dlVKMdC1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010250", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ONOS", "version": {"version_data": [{"version_value": "2.0.0 and earlier"}]}}]}, "vendor_name": "The Linux Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Poor Input-validation"}]}]}, "references": {"reference_data": [{"name": "https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD", "refsource": "MISC", "url": "https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD"}, {"name": "https://drive.google.com/open?id=17RsaP67w6M2xquQjFf2vXhX3dlVKMdC1", "refsource": "MISC", "url": "https://drive.google.com/open?id=17RsaP67w6M2xquQjFf2vXhX3dlVKMdC1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:07:18.519Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://drive.google.com/open?id=17RsaP67w6M2xquQjFf2vXhX3dlVKMdC1"}]}]}, "cveMetadata": {"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "assignerShortName": "dwf", "cveId": "CVE-2019-1010250", "datePublished": "2019-07-18T17:51:49", "dateReserved": "2019-03-20T00:00:00", "dateUpdated": "2024-08-05T03:07:18.519Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linuxfoundation:open_network_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "73E29574-B56D-42AC-A137-6E25EFFCD2CD", "versionEndIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity."}, {"lang": "es", "value": "Linux Foundation ONOS versi\u00f3n 2.0.0 y versiones anteriores se ven afectadas por: Mala validaci\u00f3n de entrada. El impacto es: un administrador de red (o atacante) puede instalar reglas de flujo involuntarias en el conmutador por error. El componente es: las funciones createFlow() y createFlows() en FlowWebResource.java (servicio RESTful). El vector de ataque es: gesti\u00f3n de red y conectividad."}], "id": "CVE-2019-1010250", "lastModified": "2019-07-25T14:49:29.967", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-18T18:15:12.217", "references": [{"source": "josh@bress.net", "tags": ["Exploit", "Third Party Advisory"], "url": "https://drive.google.com/open?id=17RsaP67w6M2xquQjFf2vXhX3dlVKMdC1"}, {"source": "josh@bress.net", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD"}], "sourceIdentifier": "josh@bress.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}