Remote Code Execution in Linux Foundation ONOS 1.15.0 and Earlier via Improper Input Validation in YangLiveCompilerManager.java

Remote Code Execution in Linux Foundation ONOS 1.15.0 and Earlier via Improper Input Validation in YangLiveCompilerManager.java

CVE-2019-1010234 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. The impact is: The attacker can remotely execute any commands by sending malicious http request to the controller. The component is: Method runJavaCompiler in YangLiveCompilerManager.java. The attack vector is: network connectivity.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.