cnvd - cnvd-2020-14219

CNVD-2020-14219

Vulnerability from cnvd - Published: 2020-02-26

Title

Open Network Operating System (ONOS)代码不按预期执行漏洞（CNVD-2020-14219）

Description

Open Network Operating System (ONOS)是一种运营商级SDN网络操作系统，主要面向服务提供商和企业骨干网。 Open Network Operating System (ONOS) 1.14存在代码不按预期执行漏洞。该漏洞源于在虚拟宽带网络网关应用程序(org.onosproject.virtualbng)中，主机事件侦听器不处理HOST_MOVED、HOST_REMOVED、HOST_UPDATED事件类型。攻击者可利用该漏洞结合其他应用程序导致代码不按预期执行。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.opennetworking.org/onos/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-16298

Impacted products

Name
Open Networking Foundation Open Network Operating System (ONOS) 1.14

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-16298",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-16298"
    }
  },
  "description": "Open Network Operating System (ONOS)\u662f\u4e00\u79cd\u8fd0\u8425\u5546\u7ea7SDN\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\uff0c\u4e3b\u8981\u9762\u5411\u670d\u52a1\u63d0\u4f9b\u5546\u548c\u4f01\u4e1a\u9aa8\u5e72\u7f51\u3002\n\nOpen Network Operating System (ONOS) 1.14\u5b58\u5728\u4ee3\u7801\u4e0d\u6309\u9884\u671f\u6267\u884c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u865a\u62df\u5bbd\u5e26\u7f51\u7edc\u7f51\u5173\u5e94\u7528\u7a0b\u5e8f(org.onosproject.virtualbng)\u4e2d\uff0c\u4e3b\u673a\u4e8b\u4ef6\u4fa6\u542c\u5668\u4e0d\u5904\u7406HOST_MOVED\u3001HOST_REMOVED\u3001HOST_UPDATED\u4e8b\u4ef6\u7c7b\u578b\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed3\u5408\u5176\u4ed6\u5e94\u7528\u7a0b\u5e8f\u5bfc\u81f4\u4ee3\u7801\u4e0d\u6309\u9884\u671f\u6267\u884c\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.opennetworking.org/onos/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-14219",
  "openTime": "2020-02-26",
  "products": {
    "product": "Open Networking Foundation Open Network Operating System (ONOS) 1.14"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-16298",
  "serverity": "\u4e2d",
  "submitTime": "2020-02-21",
  "title": "Open Network Operating System (ONOS)\u4ee3\u7801\u4e0d\u6309\u9884\u671f\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2020-14219\uff09"
}

CVE-2019-16298 (GCVE-0-2019-16298)

Vulnerability from cvelistv5 – Published: 2020-02-20 21:39 – Updated: 2024-08-05 01:10

Summary

An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application (org.onosproject.virtualbng), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

https://www.ndss-symposium.org/wp-content/uploads…

x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:10:41.790Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.ndss-symposium.org/wp-content/uploads/2020/02/24080.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application (org.onosproject.virtualbng), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-20T21:39:56",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.ndss-symposium.org/wp-content/uploads/2020/02/24080.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-16298",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application (org.onosproject.virtualbng), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ndss-symposium.org/wp-content/uploads/2020/02/24080.pdf",
              "refsource": "MISC",
              "url": "https://www.ndss-symposium.org/wp-content/uploads/2020/02/24080.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-16298",
    "datePublished": "2020-02-20T21:39:56",
    "dateReserved": "2019-09-13T00:00:00",
    "dateUpdated": "2024-08-05T01:10:41.790Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-14219

CVE-2019-16298 (GCVE-0-2019-16298)

Tags

Sightings

Nomenclature