CyberSec.Space Logo
Back to CVE Browser

CVE-2018-1000614

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1370%
EPSS Percentile2.09th
PublishedJul 9, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller without authentication.. This attack appear to be exploitable via crafted protocol message.

Affected Platforms (CPE)

πŸ“¦
Onosproject

Onos

<= 1.13.1

References & Advisories

πŸ”— http://gms.cl0udz.com/ONOS_Vul.pdf
πŸ”— https://gerrit.onosproject.org/#/c/18779/
πŸ”— http://gms.cl0udz.com/ONOS_Vul.pdf
πŸ”— https://gerrit.onosproject.org/#/c/18779/

Related Vulnerabilities

CVE-2019-136249.8

In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within s...

CVE-2019-10102459.8

The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. The impact is: A rem...

CVE-2018-10006169.8

ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\m...

CVE-2019-10102349.8

The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. The impact is: The attacker can remotely ex...