CVE-2019-12123 : Security Advisory and Response

A vulnerability in ONAP SDNC versions prior to Dublin allows an authenticated user to execute unauthorized commands by exploiting a specific module parameter in the sla/printAsXml command. This vulnerability impacts all SDC configurations that include admportal.

Understanding CVE-2019-12123

This CVE identifies a security flaw in ONAP SDNC that can be exploited by authenticated users to execute arbitrary commands.

What is CVE-2019-12123?

This CVE refers to a vulnerability in ONAP SDNC versions before Dublin that enables unauthorized command execution through a specific module parameter.

The Impact of CVE-2019-12123

The vulnerability poses a risk to the security of systems running affected versions of ONAP SDNC, potentially allowing malicious users to execute unauthorized commands.

Technical Details of CVE-2019-12123

This section provides technical insights into the vulnerability.

Vulnerability Description

The issue arises when sla/printAsXml is executed with a manipulated module parameter, which lets an authenticated user run arbitrary commands.

Affected Systems and Versions

        Vulnerable: ONAP SDNC versions prior to Dublin
        All SDC configurations containing admportal

Exploitation Mechanism

The vulnerability can be exploited by authenticated users leveraging the module parameter in the sla/printAsXml command.

Mitigation and Prevention

Protect your systems from CVE-2019-12123 with the following measures:

Immediate Steps to Take

        Update ONAP SDNC to the Dublin version or later
        Implement strict access controls and user permissions

Long-Term Security Practices

        Regularly monitor and audit system logs for suspicious activities
        Conduct security training for users to recognize and report potential threats
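
One way to apply the log-auditing advice to this specific flaw, as an added example that is not part of the original advisory or of ONAP's code: the script below scans access-log lines for sla/printAsXml requests whose module value falls outside a conservative allowlist. The log layout, the assumption that module arrives in the URL query string, the allowlist pattern and the sample lines are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate module names are plain identifiers.
# Anything else (spaces, separators, quotes, empty values) is queued for review.
SAFE_MODULE = re.compile(r"[A-Za-z0-9_.-]{1,128}")

# Assumption: each log line carries a quoted request line: "METHOD target HTTP/x.y"
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_module_values(line):
    """Return the decoded module values of a sla/printAsXml request that fail the allowlist."""
    match = REQUEST_LINE.search(line)
    if not match:
        return []
    url = urlsplit(match.group("target"))
    if not url.path.rstrip("/").endswith("/sla/printAsXml"):
        return []
    # parse_qs percent-decodes values, so encoded characters are checked too.
    values = parse_qs(url.query, keep_blank_values=True).get("module", [])
    return [v for v in values if not SAFE_MODULE.fullmatch(v)]


def scan(lines):
    """Return (line_number, offending_values) for every line that needs review."""
    findings = []
    for number, line in enumerate(lines, 1):
        bad = suspicious_module_values(line)
        if bad:
            findings.append((number, bad))
    return findings


# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '10.0.0.5 - alice [12/Jun/2019:10:01:02 +0000] '
    '"GET /sla/printAsXml?module=example-module HTTP/1.1" 200 512',
    '10.0.0.9 - bob [12/Jun/2019:10:04:17 +0000] '
    '"GET /sla/printAsXml?module=example-module%3B%20placeholder HTTP/1.1" 200 87',
    '10.0.0.5 - alice [12/Jun/2019:10:05:40 +0000] '
    '"GET /some/other/path?module=a%3Bb HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, values in scan(SAMPLE_LOG):
        print(f"line {number}: review module value(s) {values!r}")
```

Because the flaw requires authentication, pair each hit with the authenticated user recorded on the same log line when triaging.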

Patching and Updates

        Apply security patches and updates promptly to mitigate known vulnerabilities
