CVE-2022-29944 in ONOSinfo

Summary

by MITRE • 04/20/2023

An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of paths installed by intents. An existing intents does not redirect to a new path, even if a new intent that shares the path with higher priority is installed.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 05/24/2026

The vulnerability identified as CVE-2022-29944 resides within the ONOS (Open Network Operating System) 2.5.1 software platform, specifically affecting the intent-based networking capabilities of the system. This issue represents a critical flaw in the path installation and management logic that governs how network intents are processed and applied within the software-defined networking environment. The problem manifests when the system fails to properly evaluate and update existing network paths in response to new intent installations that should logically supersede previous configurations.

The technical root cause of this vulnerability stems from an incorrect comparison mechanism that evaluates whether paths installed by intents should be updated or maintained. When a new intent is installed that shares common path segments with existing intents but possesses higher priority, the system fails to recognize the need for path redirection. This improper path comparison logic creates a scenario where network traffic continues to follow outdated routing paths despite the installation of more appropriate alternatives with superior priority levels. The flaw essentially prevents the system from properly handling intent precedence and path modification, leading to potential network inefficiencies and misconfigurations.

The operational impact of this vulnerability extends beyond simple network performance degradation to potentially compromise network reliability and security posture. Network administrators may observe unexpected traffic patterns where high-priority intents fail to take effect, resulting in suboptimal routing decisions that could affect service quality, latency, and overall network efficiency. In environments where network reliability is paramount, such as telecommunications or enterprise data centers, this vulnerability could lead to service disruptions or misdirected network traffic that bypasses intended security controls. The issue particularly affects scenarios where dynamic path adjustments are required based on changing network conditions or policy updates.

This vulnerability aligns with CWE-254, which addresses weaknesses in the implementation of security features, specifically focusing on inadequate access control mechanisms. The improper path comparison logic represents a failure in the intent processing subsystem to properly validate and enforce priority-based path selection. From an ATT&CK framework perspective, this weakness could be leveraged to establish persistent network misconfigurations that might not be immediately apparent, potentially providing attackers with opportunities to manipulate network traffic flows or create denial-of-service conditions. Organizations utilizing ONOS 2.5.1 should consider this vulnerability as part of their broader network security posture assessment, particularly in environments where intent-based networking is critical for maintaining network operations and security policies. The recommended mitigation involves upgrading to a patched version of ONOS or implementing workarounds that ensure proper intent precedence handling and path update mechanisms are maintained.

Reservation

04/29/2022

Disclosure

04/20/2023

Moderation

accepted

CPE

ready

EPSS

0.00758

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!