CVE-2022-29607

{"id": "CVE-2022-29607", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-04-20T13:15:07.507", "references": [{"url": "https://wiki.onosproject.org/display/ONOS/Intent+Framework", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-670"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in ONOS 2.5.1. Modification of an existing intent to have the same source and destination shows the INSTALLED state without any flow rule. Improper handling of such an intent is misleading to a network operator."}], "lastModified": "2023-05-03T19:57:57.030", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opennetworking:onos:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DD1D050-BBF8-45B6-9B4E-93FC5D062414"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}