Vulnerability Description
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linuxfoundation | Open Network Operating System | <= 2.0.0 |
Related Weaknesses (CWE)
References
- https://drive.google.com/open?id=17RsaP67w6M2xquQjFf2vXhX3dlVKMdC1ExploitThird Party Advisory
- https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewDExploitTechnical DescriptionThird Party Advisory
- https://drive.google.com/open?id=17RsaP67w6M2xquQjFf2vXhX3dlVKMdC1ExploitThird Party Advisory
- https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewDExploitTechnical DescriptionThird Party Advisory
FAQ
What is CVE-2019-1010250?
CVE-2019-1010250 is a vulnerability with a CVSS score of 4.9 (MEDIUM). The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The ...
How severe is CVE-2019-1010250?
CVE-2019-1010250 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1010250?
Check the references section above for vendor advisories and patch information. Affected products include: Linuxfoundation Open Network Operating System.