CVE-2018-1000614

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-1000614
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000614.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1000614
Published
2018-07-09T20:29:00.377Z
Modified
2026-03-14T09:27:04.583706Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller without authentication.. This attack appear to be exploitable via crafted protocol message.

References

Affected packages

Git / github.com/opennetworkinglab/onos

Affected ranges

Type
GIT
Repo
https://github.com/opennetworkinglab/onos
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
70507cda8d67c160fa53fd0d2e1b06a6ff7d442e
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.13.1"
        }
    ]
}

Affected versions

1.*
1.0.0
1.1.0
1.1.0-rc2
1.10.0-rc1
1.11.0-b2
1.11.0-b3
1.11.0-b4
1.12.0-b1
1.12.0-b2
1.13.0
1.13.0-b5
1.13.0-b6
1.13.0-b7
1.13.0-b8
1.13.0-rc1
1.13.0-rc2
1.13.0-rc3
1.13.0-rc4
1.13.1
1.2.0
1.2.0-rc1
1.2.0-rc2
1.3.0-rc1
1.3.0-rc2
1.4.0
1.4.0-rc1
1.4.0-rc2
1.4.0-rc3
1.5.0
1.5.0-rc2
1.5.0-rc3
1.7.0-rc1
1.7.0-rc2
1.8.0-rc1
1.8.0-rc3
1.8.0-rc4
1.9.0-b1b
1.9.0-b3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000614.json"