CVE-2019-12127

9.8 CRITICAL

📋 TL;DR

CVE-2019-12127 is an authentication bypass vulnerability in ONAP Operations Manager (OOM) that allows unauthenticated attackers to gain full access to ONAP services by connecting to specific ports. All ONAP OOM setups through the Dublin release are affected, enabling complete compromise of the management platform.

💻 Affected Systems

Products:
  • ONAP Operations Manager (OOM)
Versions: All versions through Dublin release
Operating Systems: Linux-based systems running ONAP
Default Config Vulnerable: ⚠️ Yes
Notes: All OOM deployments are affected regardless of configuration. Vulnerable ports: 30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, 30271.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of ONAP infrastructure allowing data exfiltration, service disruption, and lateral movement to connected systems.

🟠 Likely Case

Unauthorized access to ONAP management services leading to configuration changes, service manipulation, and potential data exposure.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing external access to vulnerable ports.

🌐 Internet-Facing: HIGH - Direct internet exposure allows complete unauthenticated takeover without any exploit complexity.
🏢 Internal Only: HIGH - Even internally, any network-accessible system can exploit this without authentication.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only network access to vulnerable ports - no authentication or special tools needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after Dublin release

Vendor Advisory: https://jira.onap.org/browse/OJSI-27

Restart Required: Yes

Instructions:

1. Upgrade ONAP OOM to a version after the Dublin release.
2. Apply all security patches from ONAP security advisories.
3. Restart all ONAP services after the upgrade.

🔧 Temporary Workarounds

Network Access Control (Linux)

Block external access to vulnerable ports using firewall rules:

iptables -A INPUT -p tcp --dport 30234 -j DROP
iptables -A INPUT -p tcp --dport 30290 -j DROP
iptables -A INPUT -p tcp --dport 32010 -j DROP
iptables -A INPUT -p tcp --dport 30270 -j DROP
iptables -A INPUT -p tcp --dport 30224 -j DROP
iptables -A INPUT -p tcp --dport 30281 -j DROP
iptables -A INPUT -p tcp --dport 30254 -j DROP
iptables -A INPUT -p tcp --dport 30285 -j DROP
iptables -A INPUT -p tcp --dport 30271 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate ONAP systems from untrusted networks
  • Deploy network-based intrusion detection to monitor for unauthorized access attempts to vulnerable ports

🔍 How to Verify

Check if Vulnerable:

Test whether you can connect to any of the vulnerable ports (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, 30271) without authentication, using telnet or nc.

Check Version:

Check ONAP documentation or deployment manifests for version information

Verify Fix Applied:

Verify ONAP version is post-Dublin release and test that authentication is required when connecting to previously vulnerable ports

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access to ONAP service ports
  • Failed authentication attempts followed by successful access

Network Indicators:

  • External connections to ports 30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, 30271 without prior authentication

SIEM Query:

source_ip=external AND (dest_port=30234 OR dest_port=30290 OR dest_port=32010 OR dest_port=30270 OR dest_port=30224 OR dest_port=30281 OR dest_port=30254 OR dest_port=30285 OR dest_port=30271) AND auth_success=true
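
The network indicator above can also be checked directly against firewall logs. The following is an added example, not code from the advisory or the ONAP project: a Python filter over iptables LOG-format lines that flags new TCP connections to the listed ports from sources outside an allowlist. The sample log lines, the `ONAP-NP` log prefix and the `TRUSTED_NETS` ranges are constructed assumptions.

```python
import ipaddress
import re

# Ports this page lists as vulnerable for CVE-2019-12127.
VULN_PORTS = {30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, 30271}
# Assumption: placeholder management ranges allowed to reach those ports.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.168.50.0/24")]
# key=value fields written by the iptables LOG target.
FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

def parse_line(line):
    """Return the LOG fields of a TCP connection attempt, else None."""
    fields = dict(FIELD.findall(line))
    if fields.get("PROTO") != "TCP" or not {"SRC", "DPT"} <= fields.keys():
        return None
    flags = line.split()
    # Keep only initial SYNs; packets with ACK belong to existing flows.
    if "SYN" not in flags or "ACK" in flags:
        return None
    return fields

def flag_untrusted(lines):
    """List (source, port) for SYNs to a listed port from outside TRUSTED_NETS."""
    hits = []
    for line in lines:
        fields = parse_line(line)
        if fields is None:
            continue
        try:
            src, dport = ipaddress.ip_address(fields["SRC"]), int(fields["DPT"])
        except ValueError:
            continue  # malformed address or port: skip the line
        if dport in VULN_PORTS and not any(src in net for net in TRUSTED_NETS):
            hits.append((str(src), dport))
    return hits

# Constructed sample lines in iptables LOG format (not real traffic).
_PFX = "Jun  3 10:01:02 node1 kernel: ONAP-NP IN=eth0 OUT= "
SAMPLE = [
    _PFX + "SRC=203.0.113.7 DST=10.20.0.5 PROTO=TCP SPT=51514 DPT=30234 RES=0x00 SYN URGP=0",
    _PFX + "SRC=10.20.0.9 DST=10.20.0.5 PROTO=TCP SPT=40100 DPT=30290 RES=0x00 SYN URGP=0",
    _PFX + "SRC=198.51.100.23 DST=10.20.0.5 PROTO=TCP SPT=40222 DPT=22 RES=0x00 SYN URGP=0",
    _PFX + "SRC=203.0.113.7 DST=10.20.0.5 PROTO=TCP SPT=51514 DPT=30234 RES=0x00 ACK URGP=0",
    _PFX + "SRC=198.51.100.23 DST=10.20.0.5 PROTO=TCP SPT=40223 DPT=30271 RES=0x00 SYN URGP=0",
]

if __name__ == "__main__":
    for src, dport in flag_untrusted(SAMPLE):
        print(f"ALERT untrusted source {src} -> port {dport}")
```

The filter only sees traffic that a LOG rule records, so a logging rule for these ports has to sit ahead of any DROP rule for the same ports.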
