Attackers Can Cause Denial of Service with BGP Attribute Error Mishandling
CVE-2023-40457
Currently unrated
What is CVE-2023-40457?
A vulnerability in the BGP daemon of Extreme Networks ExtremeXOS version 30.7.1.1 permits unauthorized attackers, even those not on a directly connected network, to induce a denial of service by exploiting mishandling of BGP attribute errors related to attributes 21 and 25. The vendor says it is evaluating support for RFC 7606 as a potential mitigation, and suggests that customers who opt not to implement RFC 7606 are responsible for being aware of the defense mechanisms needed against these types of potential attacks.
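The difference between resetting the session on a malformed path attribute (RFC 4271) and the revised error handling of RFC 7606, as an added example that is not code from the advisory or from ExtremeXOS. The names `walk_attributes`, `handle_update` and `LENGTH_RULES` are hypothetical, the byte strings are constructed test vectors rather than the inputs behind this CVE, and only the length rule for attribute 25 is modelled (attribute 21 is kept as an opaque value).

```python
import struct

EXT_LEN = 0x10  # Attribute Flags: Extended Length bit (RFC 4271, section 4.3)
# Length rules this sketch models (assumption: only type 25, whose length must
# be a nonzero multiple of 20 octets per RFC 7606, section 7.15).
LENGTH_RULES = {25: lambda n: n > 0 and n % 20 == 0}

# Constructed Path Attributes fields (test vectors, not captured traffic).
GOOD = b"\x40\x01\x01\x00" + b"\xc0\x19\x14" + bytes(20)    # ORIGIN + type 25, 20 octets
BAD_LEN = b"\x40\x01\x01\x00" + b"\xc0\x19\x07" + bytes(7)  # type 25 with 7 octets
OVERRUN = b"\x40\x01\x01\x00" + b"\xc0\x15\x09\x00"         # type 21 claims 9, has 1

def walk_attributes(buf: bytes):
    """Yield (type_code, value, error) per attribute; never raises on bad input."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 3:
            yield None, None, "truncated attribute header"
            return
        flags, code = buf[off], buf[off + 1]
        if flags & EXT_LEN:
            if len(buf) - off < 4:
                yield code, None, "truncated extended length"
                return
            (alen,) = struct.unpack_from("!H", buf, off + 2)
            hdr = 4
        else:
            alen, hdr = buf[off + 2], 3
        if off + hdr + alen > len(buf):  # would exceed Total Path Attribute Length
            yield code, None, "length overruns attribute field"
            return
        rule = LENGTH_RULES.get(code)    # types without a rule are kept opaque
        bad = rule is not None and not rule(alen)
        yield code, buf[off + hdr:off + hdr + alen], "bad length" if bad else None
        off += hdr + alen

def handle_update(buf: bytes, rfc7606: bool = True) -> str:
    """Action taken for one UPDATE's attribute field, for the errors modelled here."""
    if not any(err for _, _, err in walk_attributes(buf)):
        return "accept"
    # RFC 4271 answers a malformed attribute with a NOTIFICATION and session
    # reset; RFC 7606 withdraws the UPDATE's routes and keeps the session up.
    return "treat-as-withdraw" if rfc7606 else "session-reset"

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD_LEN", BAD_LEN), ("OVERRUN", OVERRUN)):
        print(name, handle_update(sample, rfc7606=False), handle_update(sample))
```

With `rfc7606=False` every malformed sample costs the whole peering session, which is the denial-of-service condition; with the default the session stays up and only the routes in that UPDATE are withdrawn.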
