Every CVE whose affected-product data names Opennetworking Onos, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2022-29604 — CVSS 9.8 (critical): An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT state, which is misleading to a…
CVE-2022-29606 — CVSS 9.8 (critical): An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is misleading to a network…
CVE-2023-41591 — CVSS 9.8 (critical): An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute a…
CVE-2025-29310 — CVSS 9.8 (critical): An issue in onos v2.7.0 allows attackers to trigger a packet deserialization problem when supplying a crafted LLDP packet. This…
CVE-2025-29312 — CVSS 9.1 (critical): An issue in onos v2.7.0 allows attackers to trigger unexpected behavior within a device connected to a legacy switch via changing the link…
CVE-2022-29608 — CVSS 7.5 (high): An issue was discovered in ONOS 2.5.1. An intent with a port that is an intermediate point of its path installs an invalid flow rule…
CVE-2022-29607 — CVSS 7.5 (high): An issue was discovered in ONOS 2.5.1. Modification of an existing intent to have the same source and destination shows the INSTALLED state…
CVE-2019-11189 — CVSS 7.5 (high): Authentication Bypass by Spoofing in org.onosproject.acl (access control) and org.onosproject.mobility (host mobility) in ONOS v2.0 and…
CVE-2021-38363 — CVSS 7.5 (high): An issue was discovered in ONOS 2.5.1. In IntentManager, the install-requested intent (which causes an exception) remains in pendingMap (in…
CVE-2022-24035 — CVSS 7.5 (high): An issue was discovered in ONOS 2.5.1. The purge-requested intent remains on the list, but it does not respond to changes in topology…
CVE-2022-29605 — CVSS 7.5 (high): An issue was discovered in ONOS 2.5.1. IntentManager attempts to install the IPv6 flow rules of an intent into an OpenFlow 1.0 switch that…
CVE-2025-29311 — CVSS 7.5 (high): Limited secret space in LLDP packets used in onos v2.7.0 allows attackers to obtain the private key via a bruteforce attack. Attackers are…
CVE-2022-24109 — CVSS 6.5 (medium): An issue was discovered in ONOS 2.5.1. To attack an intent installed by a normal user, a remote attacker can install a duplicate intent…
CVE-2021-38364 — CVSS 6.5 (medium): An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of flow rules installed by intents. A remote attacker can install…
CVE-2023-24279 — CVSS 6.1 (medium): A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute…
CVE-2024-53423 — CVSS 5.6 (medium): An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted packets.
CVE-2018-1999020 — CVSS 5.5 (medium): Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier version contains a Directory Traversal vulnerability in…
CVE-2022-29944 — CVSS 5.3 (medium): An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of paths installed by intents. An existing intents does not…
CVE-2022-29609 — CVSS 5.3 (medium): An issue was discovered in ONOS 2.5.1. An intent with the same source and destination shows the INSTALLING state, indicating that its flow…