CVE-2018-1999020

Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier version contains a Directory Traversal vulnerability in core/common/src/main/java/org/onosproject/common/app/ApplicationArchive.java line 35 that can result in arbitrary file deletion (overwrite). This attack appear to be exploitable via a specially crafted zip file should be uploaded.
References
Link Resource
http://gms.cl0udz.com/ONOS_app_overwrite.pdf Exploit Mailing List Third Party Advisory
https://gerrit.onosproject.org/#/c/19043/ Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:opennetworking:onos:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-07-23 15:29

Updated : 2024-02-04 20:03


NVD link : CVE-2018-1999020

Mitre link : CVE-2018-1999020

CVE.ORG link : CVE-2018-1999020


JSON object : View

Products Affected

opennetworking

  • onos
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')