CVE-2019-12116

Published: Mar 18, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in ONAP SDC through Dublin. By accessing port 6000 of demo-sdc-sdc-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.

Affected (1)

Products: Onap: Open Network Automation Platform

1 product

Open Network Automation Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Onap Open Network Automation Platform	From 3.0.0 to 4.0.0

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://jira.onap.org/browse/OJSI-10

Source: cve@mitre.org

ExploitPatchVendor Advisory

https://jira.onap.org/browse/OJSI-10

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

Timeline

No history available yet.