Vulnerability Description
The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. The impact is: A remote attacker can execute arbitrary commands on the controller. The component is: apps/yang/src/main/java/org/onosproject/yang/impl/YangLiveCompilerManager.java. The attack vector is: network connectivity. The fixed version is: 1.15.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linuxfoundation | Open Network Operating System | <= 1.15 |
Related Weaknesses (CWE)
References
- https://drive.google.com/open?id=1OkMtrMgjjINsDUQwxpGxjbATB6hiwqyvExploitThird Party Advisory
- https://gerrit.onosproject.org/#/c/20767/PatchThird Party Advisory
- https://drive.google.com/open?id=1OkMtrMgjjINsDUQwxpGxjbATB6hiwqyvExploitThird Party Advisory
- https://gerrit.onosproject.org/#/c/20767/PatchThird Party Advisory
FAQ
What is CVE-2019-1010245?
CVE-2019-1010245 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. The impact is: A remote attacker can execute arbitrary commands on the controller. The com...
How severe is CVE-2019-1010245?
CVE-2019-1010245 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-1010245?
Check the references section above for vendor advisories and patch information. Affected products include: Linuxfoundation Open Network Operating System.