CRITICAL🇵🇱 Wersja polska

CVE-2018-1000616

CVSS 9.8v3.0pub. 2018-07-09upd. 2024-11-21

ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on ONOS controller via an OpenConfig Terminal Device.. This attack appear to be exploitable via network connectivity.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Onosproject Onos

    APP
    Onosproject
    ≤ 1.13.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XXE
CWE
References

Related vulnerabilities

CVE-2019-13624CRITICAL9.8ten sam produkt

In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote...

CVE-2018-1000614CRITICAL9.8ten sam produkt

ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in provider...

CVE-2017-1000081CRITICAL9.8ten sam produkt

Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote...

CVE-2018-1000615HIGH7.5ten sam produkt

ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in ...

CVE-2017-13763HIGH7.5ten sam produkt

ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size ...