4.2

CVE-2026-5107

FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control

A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FrroutingFrrouting Version10.5.0
FrroutingFrrouting Version10.5.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.037
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.2 1.6 2.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
cna@vuldb.com 2.3 0 0
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com 4.2 1.6 2.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
cna@vuldb.com 3.6 3.9 4.9
AV:N/AC:H/Au:S/C:N/I:P/A:P
CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://vuldb.com/vuln/354132
Third Party Advisory
VDB Entry
https://vuldb.com/vuln/354132/cti
VDB Entry
Permissions Required
https://vuldb.com/submit/780123
Third Party Advisory
VDB Entry