CVE-2019-1010252 - OpenCVE

The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: applyFlowRules() and apply() functions in FlowRuleManager.java. The attack vector is: network management and connectivity.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linuxfoundation	Open Network Operating System

Configuration 1 [-]

cpe:2.3:o:linuxfoundation:open_network_operating_system:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD
https://drive.google.com/open?id=1ce1uqcJYI-sEENGbPmmw-uJTwCXTUyJn

History

No history.

MITRE

Status: PUBLISHED

Assigner: dwf

Published: 2019-07-18T17:43:41

Updated: 2024-08-05T03:07:18.387Z

Reserved: 2019-03-20T00:00:00

Link: CVE-2019-1010252

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-07-18T18:15:12.373

Modified: 2019-07-29T13:28:30.813

Link: CVE-2019-1010252

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "ONOS", "vendor": "The Linux Foundation", "versions": [{"status": "affected", "version": "2.0.0 and earlier"}]}], "descriptions": [{"lang": "en", "value": "The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: applyFlowRules() and apply() functions in FlowRuleManager.java. The attack vector is: network management and connectivity."}], "problemTypes": [{"descriptions": [{"description": "Poor Input-validation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-18T17:43:41", "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "shortName": "dwf"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD"}, {"tags": ["x_refsource_MISC"], "url": "https://drive.google.com/open?id=1ce1uqcJYI-sEENGbPmmw-uJTwCXTUyJn"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010252", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ONOS", "version": {"version_data": [{"version_value": "2.0.0 and earlier"}]}}]}, "vendor_name": "The Linux Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: applyFlowRules() and apply() functions in FlowRuleManager.java. The attack vector is: network management and connectivity."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Poor Input-validation"}]}]}, "references": {"reference_data": [{"name": "https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD", "refsource": "MISC", "url": "https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD"}, {"name": "https://drive.google.com/open?id=1ce1uqcJYI-sEENGbPmmw-uJTwCXTUyJn", "refsource": "MISC", "url": "https://drive.google.com/open?id=1ce1uqcJYI-sEENGbPmmw-uJTwCXTUyJn"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:07:18.387Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://drive.google.com/open?id=1ce1uqcJYI-sEENGbPmmw-uJTwCXTUyJn"}]}]}, "cveMetadata": {"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "assignerShortName": "dwf", "cveId": "CVE-2019-1010252", "datePublished": "2019-07-18T17:43:41", "dateReserved": "2019-03-20T00:00:00", "dateUpdated": "2024-08-05T03:07:18.387Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linuxfoundation:open_network_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "73E29574-B56D-42AC-A137-6E25EFFCD2CD", "versionEndIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: applyFlowRules() and apply() functions in FlowRuleManager.java. The attack vector is: network management and connectivity."}, {"lang": "es", "value": "Linux Foundation ONOS versi\u00f3n 2.0.0 y versiones anteriores se ven afectadas por: Mala validaci\u00f3n de entrada. El impacto es: un administrador de red (o atacante) puede instalar reglas de flujo involuntarias en el conmutador por error. El componente es: applyFlowRules() and apply() funciones en FlowRuleManager.java. El vector de ataque es: gesti\u00f3n de red y conectividad."}], "id": "CVE-2019-1010252", "lastModified": "2019-07-29T13:28:30.813", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-18T18:15:12.373", "references": [{"source": "josh@bress.net", "tags": ["Exploit", "Third Party Advisory"], "url": "https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD"}, {"source": "josh@bress.net", "tags": ["Exploit", "Third Party Advisory"], "url": "https://drive.google.com/open?id=1ce1uqcJYI-sEENGbPmmw-uJTwCXTUyJn"}], "sourceIdentifier": "josh@bress.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}