BGP Path Attribute Handling Flaw in Nokia Service Router OS and SR Linux
CVE-2023-41376

7.5HIGH

Key Information:

Vendor: Nokia
Status: Service Router Linux; Service Router Operating System
Vendor: CVE Published:; 29 August 2023

Summary

A flaw exists in Nokia's Service Router Operating System (SR OS) 22.10 and SR Linux related to the mishandling of BGP path attributes. When error-handling for update fault tolerance is not enabled, the system may improperly process BGP path attributes, potentially leading to routing issues and network instability. This vulnerability emphasizes the importance of correct configuration to ensure the resilience and reliability of network operations.

References

https://blog.benjojo.co.uk/post/bgp-path-attributes-grave...

https://news.ycombinator.com/item?id=37305800

https://www.nokia.com/networks/technologies/service-route...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 29, 2023
Vulnerability Reserved
Aug 29, 2023