HIGH🇵🇱 Wersja polska

CVE-2025-29311

CVSS 7.5v3.1pub. 2025-03-24upd. 2025-04-01

Limited secret space in LLDP packets used in onos v2.7.0 allows attackers to obtain the private key via a bruteforce attack. Attackers are able to leverage this vulnerability into creating crafted LLDP packets.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Opennetworking Onos

    APP
    Opennetworking
    2.7.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-41591CRITICAL9.8PL ✓ten sam produkt

ONOS v2.7.0 — fałszowanie adresów IP/MAC umożliwiające atak man-in-the-middle

CVE-2025-29310CRITICAL9.8PL ✓ten sam produkt

Niebezpieczna deserializacja pakietów LLDP w ONOS v2.7.0 (RCE)

CVE-2025-29312CRITICAL9.1PL ✓ten sam produkt

ONOS v2.7.0 – manipulacja typem łącza powoduje nieoczekiwane zachowanie urządzeń sieciowych

CVE-2022-29606CRITICAL9.8ten sam produkt

An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is mi...

CVE-2022-29604CRITICAL9.8ten sam produkt

An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT sta...