An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT state, which is misleading to a network operator. Improper handling of case sensitivity causes inconsistency between intent and flow rules in the network.
The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.
Link | Tags |
---|---|
https://wiki.onosproject.org/display/ONOS/Intent+Framework | product |
https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf | third party advisory exploit technical description |