An issue in onos v2.7.0 allows attackers to trigger a packet deserialization problem when supplying a crafted LLDP packet. This vulnerability allows attackers to execute arbitrary commands or access network information.
An attacker sends a specially crafted LLDP (Link Layer Discovery Protocol) packet to the ONOS system. During packet processing, unsafe deserialization of data occurs (CWE-502), meaning untrusted input data is deserialized without proper validation. As a result, an attacker can smuggle a malicious payload that will be executed on the server side.
An attacker can remotely execute arbitrary system commands on the ONOS server (RCE) and gain access to sensitive network information. Due to the network vector and lack of authentication requirements, the impact of compromise could include full control over the SDN controller.
Apply patches available from the vendor according to the references. Until patches are applied, it is recommended to restrict network access to interfaces processing LLDP packets and monitor traffic for anomalous LLDP packets.
ONOS (Open Network Operating System) version 2.7.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOpennetworking Onos
APPOpennetworking2.7.0
Related vulnerabilities
ONOS v2.7.0 — fałszowanie adresów IP/MAC umożliwiające atak man-in-the-middle
ONOS v2.7.0 – manipulacja typem łącza powoduje nieoczekiwane zachowanie urządzeń sieciowych
An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT sta...
An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is mi...
Limited secret space in LLDP packets used in onos v2.7.0 allows attackers to obtain the private key via a brut...