{"api_version":"1","generated_at":"2026-04-23T08:40:03+00:00","cve":"CVE-2022-29609","urls":{"html":"https://cve.report/CVE-2022-29609","api":"https://cve.report/api/cve/CVE-2022-29609.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-29609","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-29609"},"summary":{"title":"CVE-2022-29609","description":"An issue was discovered in ONOS 2.5.1. An intent with the same source and destination shows the INSTALLING state, indicating that its flow rules are installing. Improper handling of such an intent is misleading to a network operator.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2023-04-20 13:15:00","updated_at":"2023-05-03 17:55:00"},"problem_types":["CWE-670"],"metrics":[],"references":[{"url":"https://wiki.onosproject.org/display/ONOS/Intent+Framework","name":"https://wiki.onosproject.org/display/ONOS/Intent+Framework","refsource":"MISC","tags":[],"title":"Intent Framework - ONOS - Wiki","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf","name":"https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf","refsource":"MISC","tags":[],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-29609","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29609","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"29609","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"opennetworking","cpe5":"onos","cpe6":"2.5.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2022-29609","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in ONOS 2.5.1. An intent with the same source and destination shows the INSTALLING state, indicating that its flow rules are installing. Improper handling of such an intent is misleading to a network operator."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://wiki.onosproject.org/display/ONOS/Intent+Framework","refsource":"MISC","name":"https://wiki.onosproject.org/display/ONOS/Intent+Framework"},{"refsource":"MISC","name":"https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf","url":"https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf"}]}},"nvd":{"publishedDate":"2023-04-20 13:15:00","lastModifiedDate":"2023-05-03 17:55:00","problem_types":["CWE-670"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:opennetworking:onos:2.5.1:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}