An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT state, which is misleading to a network operator. Improper handling of case sensitivity causes inconsistency between intent and flow rules in the network.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOpennetworking Onos
APPOpennetworking2.5.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2023-41591CRITICAL9.8PL ✓ten sam produkt
ONOS v2.7.0 — fałszowanie adresów IP/MAC umożliwiające atak man-in-the-middle
CVE-2025-29312CRITICAL9.1PL ✓ten sam produkt
ONOS v2.7.0 – manipulacja typem łącza powoduje nieoczekiwane zachowanie urządzeń sieciowych
CVE-2025-29310CRITICAL9.8PL ✓ten sam produkt
Niebezpieczna deserializacja pakietów LLDP w ONOS v2.7.0 (RCE)
CVE-2022-29606CRITICAL9.8ten sam produkt
An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is mi...
CVE-2025-29311HIGH7.5ten sam produkt
Limited secret space in LLDP packets used in onos v2.7.0 allows attackers to obtain the private key via a brut...