OSA-2019-024: Unprotected APIs/UIs exposed in MSB project
Date: 2019-05-28
CVE: CVE-2019-12129
Severity: Important
Affects
MSB: Dublin and earlier
Description
Jakub Botwicz, Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung reported a number of vulnerabilities in ONAP MSB. By accessing one of:
30281
30285
ports, an attacker gains full access to the respective ONAP services without any authentication. All ONAP OOM setups are affected.
Patches
No patch for this vulnerability has been proposed yet.
Credits
Jakub Botwicz from Samsung
Wojciech Rauner from Samsung
Łukasz Wrochna from Samsung
Radosław Żeszczuk from Samsung