Vulnerability Description
Authentication Bypass by Spoofing in org.onosproject.acl (access control) and org.onosproject.mobility (host mobility) in ONOS v2.0 and earlier allows attackers to bypass network access control via data plane packet injection. To exploit the vulnerability, an attacker sends a gratuitous ARP reply that causes the host mobility application to remove existing access control flow denial rules in the network. The access control application does not re-install flow deny rules, so the attacker can bypass the intended access control policy.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opennetworking | Onos | <= 2.0.0 |
Related Weaknesses (CWE)
References
- https://www.ndss-symposium.org/wp-content/uploads/2020/02/24080.pdfThird Party Advisory
- https://www.ndss-symposium.org/wp-content/uploads/2020/02/24080.pdfThird Party Advisory
FAQ
What is CVE-2019-11189?
CVE-2019-11189 is a vulnerability with a CVSS score of 7.5 (HIGH). Authentication Bypass by Spoofing in org.onosproject.acl (access control) and org.onosproject.mobility (host mobility) in ONOS v2.0 and earlier allows attackers to bypass network access control via da...
How severe is CVE-2019-11189?
CVE-2019-11189 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-11189?
Check the references section above for vendor advisories and patch information. Affected products include: Opennetworking Onos.