The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected network) to cause a denial of service (BGP session reset) because of BGP attribute error mishandling (for attribute 21 and 25). NOTE: the vendor disputes this because it is "evaluating support for RFC 7606 as a future feature" and believes that "customers that have chosen to not require or implement RFC 7606 have done so willingly and with knowledge of what is needed to defend against these types of attacks."
History

Tue, 12 Nov 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Extremenetworks
Extremenetworks extremeos
Weaknesses CWE-209
CPEs cpe:2.3:o:extremenetworks:extremeos:*:*:*:*:*:*:*:*
Vendors & Products Extremenetworks
Extremenetworks extremeos
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 11 Nov 2024 00:00:00 +0000

Type Values Removed Values Added
Description The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected network) to cause a denial of service (BGP session reset) because of BGP attribute error mishandling (for attribute 21 and 25). NOTE: the vendor disputes this because it is "evaluating support for RFC 7606 as a future feature" and believes that "customers that have chosen to not require or implement RFC 7606 have done so willingly and with knowledge of what is needed to defend against these types of attacks."
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-11-10T00:00:00

Updated: 2024-11-12T17:23:10.854Z

Reserved: 2023-08-14T00:00:00

Link: CVE-2023-40457

cve-icon Vulnrichment

Updated: 2024-11-12T17:23:05.822Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-11T00:15:13.817

Modified: 2024-11-12T18:35:01.990

Link: CVE-2023-40457

cve-icon Redhat

No data.