Intent Key Manipulation Vulnerability in ONOS 2.5.1

Intent Key Manipulation Vulnerability in ONOS 2.5.1

CVE-2022-24109 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

An issue was discovered in ONOS 2.5.1. To attack an intent installed by a normal user, a remote attacker can install a duplicate intent with a different key, and then remove the duplicate one. This will remove the flow rules of the intent, even though the intent still exists in the controller.

Learn more about our User Device Pen Test.