CVE-2022-29609
Published: 20 April 2023
Summary
CVE-2022-29609 is a medium-severity Always-Incorrect Control Flow Implementation (CWE-670) vulnerability in Opennetworking Onos. Its CVSS base score is 5.3 (Medium).
Operationally, ranked in the top 36.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-33940
Vulnerability details
An issue was discovered in ONOS 2.5.1. An intent with the same source and destination shows the INSTALLING state, indicating that its flow rules are installing. Improper handling of such an intent is misleading to a network operator.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.