Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on ONOS controller via an OpenConfig Terminal Device.. This attack appear to be exploitable via network connectivity.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ONOS Controller 安全漏洞
Vulnerability Description
ONOS是一套开源的SDN网络操作系统。Controller是其中的一个控制器。 ONOS Controller 1.13.1及之前版本中的onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java文件的‘loadxml()’函数存在XML外部实体注入漏洞。远程攻击者可借助OpenConfig终端设备通过发送畸形的XML到ONOS控制器利用该漏洞注入外部实体。
CVSS Information
N/A
Vulnerability Type
N/A