Opennetworking Onos
19 CVEs affecting Opennetworking Onos. Latest disclosed: 2025-05-29. Critical: 5, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-41591 | Critical | 9.8 | 2025-05-29 | An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute a man-in-the-middle attack on communic… |
| CVE-2025-29310 | Critical | 9.8 | 2025-03-24 | An issue in onos v2.7.0 allows attackers to trigger a packet deserialization problem when supplying a crafted LLDP packet. This vulnerability allows attackers… |
| CVE-2022-29606 | Critical | 9.8 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is misleading to a network operator. Improper handling… |
| CVE-2022-29604 | Critical | 9.8 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT state, which is misleading to a network operator. Im… |
| CVE-2025-29312 | Critical | 9.1 | 2025-03-24 | An issue in onos v2.7.0 allows attackers to trigger unexpected behavior within a device connected to a legacy switch via changing the link type from indirect t… |
| CVE-2025-29311 | High | 7.5 | 2025-03-24 | Limited secret space in LLDP packets used in onos v2.7.0 allows attackers to obtain the private key via a bruteforce attack. Attackers are able to leverage thi… |
| CVE-2022-29608 | High | 7.5 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. An intent with a port that is an intermediate point of its path installs an invalid flow rule, causing a network loop. |
| CVE-2022-29607 | High | 7.5 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. Modification of an existing intent to have the same source and destination shows the INSTALLED state without any flow ru… |
| CVE-2022-29605 | High | 7.5 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. IntentManager attempts to install the IPv6 flow rules of an intent into an OpenFlow 1.0 switch that does not support IPv… |
| CVE-2022-24035 | High | 7.5 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. The purge-requested intent remains on the list, but it does not respond to changes in topology (e.g., link failure). In… |
| CVE-2021-38363 | High | 7.5 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. In IntentManager, the install-requested intent (which causes an exception) remains in pendingMap (in memory) forever. De… |
| CVE-2019-11189 | High | 7.5 | 2020-02-20 | Authentication Bypass by Spoofing in org.onosproject.acl (access control) and org.onosproject.mobility (host mobility) in ONOS v2.0 and earlier allows attacker… |
| CVE-2022-24109 | Medium | 6.5 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. To attack an intent installed by a normal user, a remote attacker can install a duplicate intent with a different key, a… |
| CVE-2021-38364 | Medium | 6.5 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of flow rules installed by intents. A remote attacker can install or remove a new inten… |
| CVE-2023-24279 | Medium | 6.1 | 2023-03-14 | A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts o… |
| CVE-2024-53423 | Medium | 5.6 | 2025-05-29 | An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted packets. |
| CVE-2018-1999020 | Medium | 5.5 | 2018-07-23 | Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier version contains a Directory Traversal vulnerability in core/common/src/main/java/org/onosproj… |
| CVE-2022-29944 | Medium | 5.3 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of paths installed by intents. An existing intent does not redirect to a new path, eve… |
| CVE-2022-29609 | Medium | 5.3 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. An intent with the same source and destination shows the INSTALLING state, indicating that its flow rules are installing… |