An issue in onos v2.7.0 allows attackers to trigger unexpected behavior within a device connected to a legacy switch via changing the link type from indirect to direct.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HOpennetworking Onos
APPOpennetworking2.7.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2023-41591CRITICAL9.8PL ✓ten sam produkt
ONOS v2.7.0 — fałszowanie adresów IP/MAC umożliwiające atak man-in-the-middle
CVE-2025-29310CRITICAL9.8PL ✓ten sam produkt
Niebezpieczna deserializacja pakietów LLDP w ONOS v2.7.0 (RCE)
CVE-2022-29604CRITICAL9.8ten sam produkt
An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT sta...
CVE-2022-29606CRITICAL9.8ten sam produkt
An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is mi...
CVE-2025-29311HIGH7.5ten sam produkt
Limited secret space in LLDP packets used in onos v2.7.0 allows attackers to obtain the private key via a brut...