CVE-2022-29607
First published: Thu Apr 20 2023(Updated: )
An issue was discovered in ONOS 2.5.1. Modification of an existing intent to have the same source and destination shows the INSTALLED state without any flow rule. Improper handling of such an intent is misleading to a network operator.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ONF SD-RAN ONOS | =2.5.1 | |
| =2.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-29607?
CVE-2022-29607 has a moderate severity as it can mislead network operators through improper handling of intents.
How do I fix CVE-2022-29607?
To fix CVE-2022-29607, it is recommended to upgrade to a newer version of ONOS that addresses this specific issue.
What versions of ONOS are affected by CVE-2022-29607?
CVE-2022-29607 specifically affects ONOS version 2.5.1.
What is the impact of CVE-2022-29607 on network operations?
The impact of CVE-2022-29607 is that it can cause confusion for network operators by reporting intents as INSTALLED without any associated flow rules.
Is there a workaround for CVE-2022-29607?
Currently, there are no known workarounds for CVE-2022-29607 other than upgrading ONOS to a version that resolves the issue.
- agent/references
- agent/type
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/opennetworking
- canonical/onf sd-ran onos
- version/onf sd-ran onos/2.5.1