CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-1000614

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1370%
EPSS Percentile2.09th
Published2018年7月9日
Last Modified2024年11月21日

Vulnerability Description

ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller without authentication.. This attack appear to be exploitable via crafted protocol message.

Affected Platforms (CPE)

📦
Onosproject

Onos

<= 1.13.1

References & Advisories

🔗 http://gms.cl0udz.com/ONOS_Vul.pdf
🔗 https://gerrit.onosproject.org/#/c/18779/
🔗 http://gms.cl0udz.com/ONOS_Vul.pdf
🔗 https://gerrit.onosproject.org/#/c/18779/

相關漏洞威脅

CVE-2019-136249.8

In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within s...

CVE-2019-10102459.8

The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. The impact is: A rem...

CVE-2018-10006169.8

ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\m...

CVE-2019-10102349.8

The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. The impact is: The attacker can remotely ex...