Description

Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection.

Remediation

References

https://gerrit.onosproject.org/#/c/18867/

https://wiki.onosproject.org/display/ONOS/Security+advisories

Related Vulnerabilities

CVE-2016-10703 Vulnerability in npm package ecstatic

CVE-2023-24807 Vulnerability in maven package org.webjars.npm:undici

CVE-2023-25158 Vulnerability in maven package org.geotools.jdbc:gt-jdbc-oracle

CVE-2022-31367 Vulnerability in npm package strapi

CVE-2020-6950 Vulnerability in maven package org.glassfish:jakarta.faces

Severity

High

Classification

CWE-362 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

Tags

Patch Third Party Advisory