CVE-2023-45886

The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
f5big-ip_next
20.0.1
f5big-ip_next_service_proxy_for_kubernetes
1.5.0 ≤
𝑥
≤ 1.8.2
f5big-ip_next_cloud-native_network_functions
1.1.0 ≤
𝑥
≤ 1.1.1
f5big-ip_local_traffic_manager
13.1.0 ≤
𝑥
≤ 13.1.5
f5big-ip_local_traffic_manager
14.1.0 ≤
𝑥
≤ 14.1.5
f5big-ip_local_traffic_manager
15.1.0 ≤
𝑥
≤ 15.1.10
f5big-ip_local_traffic_manager
16.1.0 ≤
𝑥
≤ 16.1.4
f5big-ip_local_traffic_manager
17.1.0 ≤
𝑥
≤ 17.1.1
f5big-ip_global_traffic_manager
13.1.0 ≤
𝑥
≤ 13.1.5
f5big-ip_global_traffic_manager
14.1.0 ≤
𝑥
≤ 14.1.5
f5big-ip_global_traffic_manager
15.1.0 ≤
𝑥
≤ 15.1.10
f5big-ip_global_traffic_manager
16.1.0 ≤
𝑥
≤ 16.1.4
f5big-ip_global_traffic_manager
17.1.0 ≤
𝑥
≤ 17.1.1
ipinfusionzebos
𝑥
≤ 7.10.6
𝑥
= Vulnerable software versions
References
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling
https://my.f5.com/manage/s/article/K000137315
https://www.ipinfusion.com/doc_prod_cat/zebos/
https://www.kb.cert.org/vuls/id/347067
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling
https://my.f5.com/manage/s/article/K000137315
https://www.ipinfusion.com/doc_prod_cat/zebos/
https://www.kb.cert.org/vuls/id/347067