Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier version contains a Directory Traversal vulnerability in core/common/src/main/java/org/onosproject/common/app/ApplicationArchive.java line 35 that can result in arbitrary file deletion (overwrite). This attack appear to be exploitable via a specially crafted zip file should be uploaded.
References
| Link | Resource |
|---|---|
| http://gms.cl0udz.com/ONOS_app_overwrite.pdf | Exploit Mailing List Third Party Advisory |
| https://gerrit.onosproject.org/#/c/19043/ | Patch Vendor Advisory |
| http://gms.cl0udz.com/ONOS_app_overwrite.pdf | Exploit Mailing List Third Party Advisory |
| https://gerrit.onosproject.org/#/c/19043/ | Patch Vendor Advisory |
Configurations
History
21 Nov 2024, 03:57
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://gms.cl0udz.com/ONOS_app_overwrite.pdf - Exploit, Mailing List, Third Party Advisory | |
| References | () https://gerrit.onosproject.org/#/c/19043/ - Patch, Vendor Advisory |
Information
Published : 2018-07-23 15:29
Updated : 2024-11-21 03:57
NVD link : CVE-2018-1999020
Mitre link : CVE-2018-1999020
CVE.ORG link : CVE-2018-1999020
JSON object : View
Products Affected
opennetworking
- onos
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')