CVE-2018-1000616

Description

ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onosdriversutilitiessrcmainjavaorgonosprojectdriversutilitiesXmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on ONOS controller via an OpenConfig Terminal Device.. This attack appear to be exploitable via network connectivity.