CVE-2022-24109

An issue was discovered in ONOS 2.5.1. To attack an intent installed by a normal user, a remote attacker can install a duplicate intent with a different key, and then remove the duplicate one. This will remove the flow rules of the intent, even though the intent still exists in the controller...

PT-2025-12707 · Onos · Onos

Name of the Vulnerable Software and Affected Versions: onos version 2.7.0 Description: The issue allows attackers to trigger a packet deserialization problem when supplying a crafted LLDP packet, enabling them to execute arbitrary commands or access network information. Recommendations: For onos...

PT-2025-12709 · Onos · Onos

Name of the Vulnerable Software and Affected Versions: onos version 2.7.0 Description: An issue in onos allows attackers to trigger unexpected behavior within a device connected to a legacy switch via changing the link type from indirect to direct. Recommendations: For onos version 2.7.0, conside...

PT-2025-12708 · Onos · Onos

Name of the Vulnerable Software and Affected Versions: onos version 2.7.0 Description: The issue is related to limited secret space in LLDP packets, which can be exploited by attackers to obtain the private key via a brute force attack. Attackers can leverage this to create crafted LLDP packets...

PT-2023-12993 · Onos · Onos

Name of the Vulnerable Software and Affected Versions: ONOS version 2.5.1 Description: An issue was discovered in ONOS where there is an incorrect comparison of paths installed by intents. An existing intent does not redirect to a new path, even if a new intent that shares the path with higher...

PT-2023-12336 · Onos · Onos

Name of the Vulnerable Software and Affected Versions: ONOS version 2.5.1 Description: An issue was discovered in ONOS where there is an incorrect comparison of flow rules installed by intents. A remote attacker can install or remove a new intent, and consequently modify or delete the existing fl...