Lucene search

[email protected]CVE-2018-12691

HistoryJul 05, 2018 - 6:29 p.m.

CVE-2018-12691

2018-07-0518:29:00

CWE-362

[email protected]

web.nvd.nist.gov

cve

toctou

race condition

onos

network access control

packet injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.3%

JSON

Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection.

Affected configurations

NVD

Node

onosprojectonosRange≤1.13.0

CPENameOperatorVersion
onosproject:onosonosproject onosle1.13.0

CPE	Name	Operator	Version
onosproject:onos	onosproject onos	le	1.13.0

References

gerrit.onosproject.org/#/c/18867/

wiki.onosproject.org/display/ONOS/Security+advisories

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.3%

JSON

Related for CVE-2018-12691

nvd1 cvelist1 prion1 osv1