Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-16298

An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application (org.onosproject.virtualbng), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.

Published

2020-02-20T22:15:11.490

Last Modified

2024-11-21T04:30:28.750

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-755

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linuxfoundation	open_network_operating_system	1.14.0	Yes

References

https://www.ndss-symposium.org/wp-content/uploads/2020/02/24080.pdf Technical Description, Third Party Advisory ([email protected])
https://www.ndss-symposium.org/wp-content/uploads/2020/02/24080.pdf Technical Description, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)