ONOS Packet Deserialization Vulnerability Allowing Command Execution in Version 2.7.0

Vulnerability

A deserialization vulnerability has been identified in ONOS version 2.7.0. This issue arises when a crafted Link Layer Discovery Protocol (LLDP) packet is processed, potentially leading to the execution of arbitrary commands or unauthorized access to network information.

Impact

Exploitation of this vulnerability could result in unauthorized command execution or access to sensitive network information.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 5.6
exploitability: 6.2
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.