Opennetworking Onos

19 CVEs affecting Opennetworking Onos. Latest disclosed: 2025-05-29. Critical: 5, High: 7.

Top CVEs affecting Opennetworking Onos
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-41591 | Critical | 9.8 | 2025-05-29 | An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute a man-in-the-middle attack on communic… |
| CVE-2025-29310 | Critical | 9.8 | 2025-03-24 | An issue in onos v2.7.0 allows attackers to trigger a packet deserialization problem when supplying a crafted LLDP packet. This vulnerability allows attackers… |
| CVE-2022-29606 | Critical | 9.8 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is misleading to a network operator. Improper handling… |
| CVE-2022-29604 | Critical | 9.8 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT state, which is misleading to a network operator. Im… |
| CVE-2025-29312 | Critical | 9.1 | 2025-03-24 | An issue in onos v2.7.0 allows attackers to trigger unexpected behavior within a device connected to a legacy switch via changing the link type from indirect t… |
| CVE-2025-29311 | High | 7.5 | 2025-03-24 | Limited secret space in LLDP packets used in onos v2.7.0 allows attackers to obtain the private key via a bruteforce attack. Attackers are able to leverage thi… |
| CVE-2022-29608 | High | 7.5 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. An intent with a port that is an intermediate point of its path installs an invalid flow rule, causing a network loop. |
| CVE-2022-29607 | High | 7.5 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. Modification of an existing intent to have the same source and destination shows the INSTALLED state without any flow ru… |
| CVE-2022-29605 | High | 7.5 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. IntentManager attempts to install the IPv6 flow rules of an intent into an OpenFlow 1.0 switch that does not support IPv… |
| CVE-2022-24035 | High | 7.5 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. The purge-requested intent remains on the list, but it does not respond to changes in topology (e.g., link failure). In… |
| CVE-2021-38363 | High | 7.5 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. In IntentManager, the install-requested intent (which causes an exception) remains in pendingMap (in memory) forever. De… |
| CVE-2019-11189 | High | 7.5 | 2020-02-20 | Authentication Bypass by Spoofing in org.onosproject.acl (access control) and org.onosproject.mobility (host mobility) in ONOS v2.0 and earlier allows attacker… |
| CVE-2022-24109 | Medium | 6.5 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. To attack an intent installed by a normal user, a remote attacker can install a duplicate intent with a different key, a… |
| CVE-2021-38364 | Medium | 6.5 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of flow rules installed by intents. A remote attacker can install or remove a new inten… |
| CVE-2023-24279 | Medium | 6.1 | 2023-03-14 | A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts o… |
| CVE-2024-53423 | Medium | 5.6 | 2025-05-29 | An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted packets. |
| CVE-2018-1999020 | Medium | 5.5 | 2018-07-23 | Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier version contains a Directory Traversal vulnerability in core/common/src/main/java/org/onosproj… |
| CVE-2022-29944 | Medium | 5.3 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of paths installed by intents. An existing intents does not redirect to a new path, eve… |
| CVE-2022-29609 | Medium | 5.3 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. An intent with the same source and destination shows the INSTALLING state, indicating that its flow rules are installing… |