Lucene search

GoogleOSV:CVE-2022-29604

HistoryApr 20, 2023 - 1:15 p.m.

CVE-2022-29604

2023-04-2013:15:07

Google

osv.dev

cve-2022-29604

onos

case sensitivity

device id

network inconsistency

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.003

Percentile

66.2%

JSON

An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT state, which is misleading to a network operator. Improper handling of case sensitivity causes inconsistency between intent and flow rules in the network.

References

wiki.onosproject.org/display/ONOS/Intent+Framework

www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.003

Percentile

66.2%

JSON

Related for OSV:CVE-2022-29604