CRITICAL🇵🇱 Wersja polska

CVE-2022-29604

CVSS 9.8v3.1pub. 2023-04-20upd. 2025-02-05

An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT state, which is misleading to a network operator. Improper handling of case sensitivity causes inconsistency between intent and flow rules in the network.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Opennetworking Onos

    APP
    Opennetworking
    2.5.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-41591CRITICAL9.8PL ✓ten sam produkt

ONOS v2.7.0 — fałszowanie adresów IP/MAC umożliwiające atak man-in-the-middle

CVE-2025-29312CRITICAL9.1PL ✓ten sam produkt

ONOS v2.7.0 – manipulacja typem łącza powoduje nieoczekiwane zachowanie urządzeń sieciowych

CVE-2025-29310CRITICAL9.8PL ✓ten sam produkt

Niebezpieczna deserializacja pakietów LLDP w ONOS v2.7.0 (RCE)

CVE-2022-29606CRITICAL9.8ten sam produkt

An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is mi...

CVE-2025-29311HIGH7.5ten sam produkt

Limited secret space in LLDP packets used in onos v2.7.0 allows attackers to obtain the private key via a brut...