OSA-2019-021: Unprotected APIs/UIs exposed in DCAE project

Date: 2019-05-28

CVE: CVE-2019-12126

Severity: Important

Affects

  • DCAE: Dublin and earlier

Description

akub Botwicz, Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung reported a vulnerability in ONAP DCAE. By accessing port 32010, an attacker gains full access to the respective ONAP service without any authentication. All ONAP OOM setups are affected.

Patches

Credits

  • Jakub Botwicz from Samsung

  • Wojciech Rauner from Samsung

  • Łukasz Wrochna from Samsung

  • Radosław Żeszczuk from Samsung

References