The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected network) to cause a denial of service (BGP session reset) because of BGP attribute error mishandling (for attribute 21 and 25). NOTE: the vendor disputes this because it is "evaluating support for RFC 7606 as a future feature" and believes that "customers that have chosen to not require or implement RFC 7606 have done so willingly and with knowledge of what is needed to defend against these types of attacks."
History
Tue, 12 Nov 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Extremenetworks, Extremenetworks extremeos | |
Weaknesses | CWE-209 | |
CPEs | cpe:2.3:o:extremenetworks:extremeos:*:*:*:*:*:*:*:* | |
Vendors & Products | Extremenetworks, Extremenetworks extremeos | |
Metrics | ssvc | |
Mon, 11 Nov 2024 00:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected network) to cause a denial of service (BGP session reset) because of BGP attribute error mishandling (for attribute 21 and 25). NOTE: the vendor disputes this because it is "evaluating support for RFC 7606 as a future feature" and believes that "customers that have chosen to not require or implement RFC 7606 have done so willingly and with knowledge of what is needed to defend against these types of attacks." | |
References | | |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-11-10T00:00:00
Updated: 2024-11-12T17:23:10.854Z
Reserved: 2023-08-14T00:00:00
Link: CVE-2023-40457
Vulnrichment
Updated: 2024-11-12T17:23:05.822Z
NVD
Status: Awaiting Analysis
Published: 2024-11-11T00:15:13.817
Modified: 2024-11-12T18:35:01.990
Link: CVE-2023-40457
Redhat
No data.