Remote Code Execution in Linux Foundation ONOS 1.15.0 and Earlier via Improper Input Validation in YangLiveCompilerManager.java
CVE-2019-1010234 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. The impact is: The attacker can remotely execute any commands by sending malicious http request to the controller. The component is: Method runJavaCompiler in YangLiveCompilerManager.java. The attack vector is: network connectivity.
Learn more about our Cis Benchmark Audit For Distribution Independent Linux.