-

CVE-2023-40457

EPSS 0.08%
Veröffentlicht 11.11.2024 00:15:13
Zuletzt bearbeitet 12.11.2024 18:35:01
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected network) to cause a denial of service (BGP session reset) because of BGP attribute error mishandling (for attribute 21 and 25). NOTE: the vendor disputes this because it is "evaluating support for RFC 7606 as a future feature" and believes that "customers that have chosen to not require or implement RFC 7606 have done so willingly and with knowledge of what is needed to defend against these types of attacks."

Betroffene Produkte Warnungen 0 Metriken 1 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellerextremenetworks

≫

Produkt extremeos

Default Statusunknown

Version 30.7.1.1

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.245

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling

https://blog.benjojo.co.uk/asset/JgH8G5duO1

https://supportdocs.extremenetworks.com/support/documentation/extremexos-32-5/

https://nvd.nist.gov/vuln/detail/CVE-2023-40457

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-40457

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-40457

EUVD