CVE

CVE-2018-1000616

admin

CVE-2018-1000616

ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onosdriversutilitiessrcmainjavaorgonosprojectdriversutilitiesXmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on ONOS controller via an OpenConfig Terminal Device.. This attack appear to be exploitable via network connectivity.

Source: CVE-2018-1000616

Exit mobile version