Opennetworking: >> Onos >> 2.7.0 Security Vulnerabilities
An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute a man-in-the-middle attack on communications between fake and real hosts.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-05-29
An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted packets.
CVSS Score
5.6
EPSS Score
0.0
Published
2025-05-29
Limited secret space in LLDP packets used in onos v2.7.0 allows attackers to obtain the private key via a bruteforce attack. Attackers are able to leverage this vulnerability into creating crafted LLDP packets.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-03-24
An issue in onos v2.7.0 allows attackers to trigger unexpected behavior within a device connected to a legacy switch via changing the link type from indirect to direct.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-03-24
An issue in onos v2.7.0 allows attackers to trigger a packet deserialization problem when supplying a crafted LLDP packet. This vulnerability allows attackers to execute arbitrary commands or access network information.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-03-24
A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-03-14