CVE-2022-24109 Information

Description

An issue was discovered in ONOS 2.5.1. To attack an intent installed by a normal user a remote attacker can install a duplicate intent with a different key and then remove the duplicate one. This will remove the flow rules of the intent even though the intent still exists in the controller.

Reference

https://wiki.onosproject.org/display/ONOS/Intent+Framework https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf