Lucene search

[email protected]NVD:CVE-2021-38364

HistoryApr 20, 2023 - 1:15 p.m.

CVE-2021-38364

2023-04-2013:15:06

CWE-697

[email protected]

web.nvd.nist.gov

vulnerability

onos

flow rules

comparison

remote attacker

intent modification

intent deletion

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

0.002 Low

EPSS

Percentile

55.2%

JSON

An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of flow rules installed by intents. A remote attacker can install or remove a new intent, and consequently modify or delete the existing flow rules related to other intents.

Affected configurations

NVD

Node

opennetworkingonosMatch2.5.1

References

opennetworking.org/onos/

www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

0.002 Low

EPSS

Percentile

55.2%

JSON

Related for NVD:CVE-2021-38364

cvelist1 prion1 cve1 osv1