Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Onos
(Opennetworking)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 16 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-05-29 | CVE-2023-41591 | An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute a man-in-the-middle attack on communications between fake and real hosts. | Onos | N/A | ||
| 2025-05-29 | CVE-2024-53423 | An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted packets. | Onos | N/A | ||
| 2023-04-20 | CVE-2021-38363 | An issue was discovered in ONOS 2.5.1. In IntentManager, the install-requested intent (which causes an exception) remains in pendingMap (in memory) forever. Deletion is possible neither by a user nor by the intermittent Intent Cleanup process. | Onos | 7.5 | ||
| 2023-04-20 | CVE-2021-38364 | An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of flow rules installed by intents. A remote attacker can install or remove a new intent, and consequently modify or delete the existing flow rules related to other intents. | Onos | 6.5 | ||
| 2023-04-20 | CVE-2022-24035 | An issue was discovered in ONOS 2.5.1. The purge-requested intent remains on the list, but it does not respond to changes in topology (e.g., link failure). In combination with other applications, it could lead to a failure of network management. | Onos | 7.5 | ||
| 2023-04-20 | CVE-2022-24109 | An issue was discovered in ONOS 2.5.1. To attack an intent installed by a normal user, a remote attacker can install a duplicate intent with a different key, and then remove the duplicate one. This will remove the flow rules of the intent, even though the intent still exists in the controller. | Onos | 6.5 |