Shodan
Vulnerabilities
Vulnerable Software
Onap:  >> Open Network Automation Platform  Security Vulnerabilities
CVE-2019-12125
In ONAP Logging through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-03-19
CVE-2019-12126
In ONAP DCAE through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-03-19
CVE-2019-12127
In ONAP OOM through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-03-19
CVE-2019-12128
In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-03-19
CVE-2019-12129
In ONAP MSB through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-03-19
CVE-2019-12130
In ONAP CLI through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-03-19
CVE-2019-12132
An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected.
CVSS Score
9.8
EPSS Score
0.017
Published
2020-03-18
CVE-2019-12112
An issue was discovered in ONAP SDNC before Dublin. By executing sla/upload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected.
CVSS Score
9.8
EPSS Score
0.017
Published
2020-03-18
CVE-2019-12113
An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected.
CVSS Score
8.8
EPSS Score
0.007
Published
2020-03-18
CVE-2019-12114
An issue was discovered in ONAP HOLMES before Dublin. By accessing port 9202 of dep-holmes-engine-mgmt pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
CVSS Score
9.8
EPSS Score
0.011
Published
2020-03-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved