Created
May 28, 2025 04:51
Description for CVE-2023-41591
[Description]
An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute a man-in-the-middle attack on communications between fake and real hosts.
------------------------------------------
[Vulnerability Type]
Insecure Permissions
------------------------------------------
[Vendor of Product]
Open Network Foundation
------------------------------------------
[Affected Product Code Base]
ONOS - 2.7.0
------------------------------------------
[Affected Component]
core/net/src/main/java/org/onosproject/net/host/impl/HostManager.java
------------------------------------------
[Attack Type]
Context-dependent
------------------------------------------
[Impact Escalation of Privileges]
true
------------------------------------------
[CVE Impact Other]
CWE-300: Channel Accessible by Non-Endpoint
------------------------------------------
[Attack Vectors]
Send a crafted PACKET_OUT message with the egress port set to 255, which is the controller port for a BMv2 switch by default.
------------------------------------------
[Reference]
https://wiki.onosproject.org/pages/viewpage.action?pageId=16122675
------------------------------------------
[Discoverer]
Jiwon Kim