Vulnerabilities > CVE-2022-29604 - Improper Handling of Case Sensitivity vulnerability in Opennetworking Onos 2.5.1

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

opennetworking

CWE-178

critical

NVD

Published: 2023-04-20

Updated: 2023-05-04

Summary

An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT state, which is misleading to a network operator. Improper handling of case sensitivity causes inconsistency between intent and flow rules in the network.

Vulnerable Configurations

Part	Description	Count
Application	Opennetworking Opennetworking Onos 2.5.1	1

Common Weakness Enumeration (CWE)

CWE-178 - Improper Handling of Case Sensitivity

References

https://wiki.onosproject.org/display/ONOS/Intent+Framework
https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf