Onosproject >> Onos >> 1.8.0 Security Vulnerabilities
ONOS Controller version 1.13.1 and earlier contains an XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that allows an adversary to remotely launch advanced XXE attacks on the ONOS controller without authentication. This attack appears to be exploitable via a crafted protocol message.
CVSS Score
9.8
EPSS Score
0.006
Published
2018-07-09
ONOS Controller version 1.13.1 and earlier contains a Denial of Service (service crash) vulnerability in the OVSDB component that allows an adversary to remotely crash the OVSDB service of the ONOS controller via a normal switch. This attack appears to be exploitable when the attacker is able to control or forge a switch in the network.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-07-09
ONOS controller version 1.13.1 and earlier contains an XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that allows an adversary to remotely launch XXE attacks on the ONOS controller via an OpenConfig Terminal Device. This attack appears to be exploitable via network connectivity.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-07-09
Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection.
CVSS Score
6.8
EPSS Score
0.002
Published
2018-07-05
ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS.
CVSS Score
6.1
EPSS Score
0.007
Published
2017-08-30
ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-08-30
Linux Foundation ONOS 1.9 is vulnerable to XSS in the device registration.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-07-17
Linux Foundation ONOS 1.9.0 is vulnerable to a DoS.
CVSS Score
7.5
EPSS Score
0.005
Published
2017-07-17
Linux Foundation ONOS 1.9.0 allows unauthenticated use of websockets.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-07-17
Linux Foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.
CVSS Score
9.8
EPSS Score
0.088
Published
2017-07-17

