CVE-2019-12127

Published: Mar 19, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

In ONAP OOM through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.

Affected (1)

Products: Onap: Open Network Automation Platform

1 product

Open Network Automation Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Onap Open Network Automation Platform	From 3.0.0 to 4.0.0

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://jira.onap.org/browse/OJSI-27

Source: cve@mitre.org

Third Party Advisory

https://jira.onap.org/browse/OJSI-27

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.