Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-1010252

Summary
Assigner-dwf
Assigner Org ID-7556d962-6fb7-411e-85fa-6cd62f095ba8
Published At-18 Jul, 2019 | 17:43
Updated At-05 Aug, 2024 | 03:07
Rejected At-
Credits

The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: applyFlowRules() and apply() functions in FlowRuleManager.java. The attack vector is: network management and connectivity.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dwf
Assigner Org ID:7556d962-6fb7-411e-85fa-6cd62f095ba8
Published At:18 Jul, 2019 | 17:43
Updated At:05 Aug, 2024 | 03:07
Rejected At:
▼CVE Numbering Authority (CNA)

The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: applyFlowRules() and apply() functions in FlowRuleManager.java. The attack vector is: network management and connectivity.

Affected Products
Vendor
The Linux FoundationThe Linux Foundation
Product
ONOS
Versions
Affected
  • 2.0.0 and earlier
Problem Types
TypeCWE IDDescription
textN/APoor Input-validation
Type: text
CWE ID: N/A
Description: Poor Input-validation
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD
x_refsource_MISC
https://drive.google.com/open?id=1ce1uqcJYI-sEENGbPmmw-uJTwCXTUyJn
x_refsource_MISC
Hyperlink: https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD
Resource:
x_refsource_MISC
Hyperlink: https://drive.google.com/open?id=1ce1uqcJYI-sEENGbPmmw-uJTwCXTUyJn
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD
x_refsource_MISC
x_transferred
https://drive.google.com/open?id=1ce1uqcJYI-sEENGbPmmw-uJTwCXTUyJn
x_refsource_MISC
x_transferred
Hyperlink: https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://drive.google.com/open?id=1ce1uqcJYI-sEENGbPmmw-uJTwCXTUyJn
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:josh@bress.net
Published At:18 Jul, 2019 | 18:15
Updated At:29 Jul, 2019 | 13:28

The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: applyFlowRules() and apply() functions in FlowRuleManager.java. The attack vector is: network management and connectivity.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.04.9MEDIUM
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Primary2.05.5MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:P
Type: Primary
Version: 3.0
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Type: Primary
Version: 2.0
Base score: 5.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:N/I:P/A:P
CPE Matches
The Linux Foundation
linuxfoundation
>>open_network_operating_system>>Versions up to 2.0.0(inclusive)
cpe:2.3:o:linuxfoundation:open_network_operating_system:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewDjosh@bress.net
Exploit
Third Party Advisory
https://drive.google.com/open?id=1ce1uqcJYI-sEENGbPmmw-uJTwCXTUyJnjosh@bress.net
Exploit
Third Party Advisory
Hyperlink: https://drive.google.com/open?id=1HtdRdf88Nv3RNeQJM9fQ6egY5X-tuewD
Source: josh@bress.net
Resource:
Exploit
Third Party Advisory
Hyperlink: https://drive.google.com/open?id=1ce1uqcJYI-sEENGbPmmw-uJTwCXTUyJn
Source: josh@bress.net
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

53Records found
CVE-2015-1487
Matching Score-4
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-4
Assigner-Symantec - A Division of Broadcom
CVSS Score-5.5||MEDIUM
EPSS-51.20% / 97.79%
||
7 Day CHG~0.00%
Published-01 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-endpoint_protection_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3242
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.28%
||
7 Day CHG~0.00%
Published-03 May, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors.

Action-Not Available
Vendor-n/aJoomla!
Product-joomla\!n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3478
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-0.56% / 67.17%
||
7 Day CHG~0.00%
Published-04 Sep, 2020 | 02:25
Updated-13 Nov, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Enterprise NFV Infrastructure Software File Overwrite Vulnerability

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by uploading a file using the REST API. A successful exploit could allow an attacker to overwrite and upload files, which could degrade the functionality of the affected system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-enterprise_network_function_virtualization_infrastructureCisco Enterprise NFV Infrastructure Software
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • Next
Details not found