Denial of Service Vulnerability in IP Infusion ZebOS BGP Daemon
CVE-2023-45886

7.5HIGH

Key Information:

Vendor: F5
Status: Big-ip Next
Vendor: CVE Published:; 21 November 2023

What is CVE-2023-45886?

The BGP daemon (bgpd) in IP Infusion ZebOS versions up to 7.10.6 is susceptible to a denial of service attack. Remote attackers can exploit this vulnerability by sending specifically crafted BGP update messages that contain malformed attributes. This oversight in attribute handling may cause the BGP daemon to crash or become unresponsive, impacting network operations and service availability. Both service providers and organizations using IP Infusion ZebOS should take immediate action to safeguard their networks against possible exploitation.

References

https://blog.benjojo.co.uk/post/bgp-path-attributes-grave...

https://www.kb.cert.org/vuls/id/347067

https://www.ipinfusion.com/doc_prod_cat/zebos/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2023
Vulnerability Reserved
Oct 15, 2023

F5

What is CVE-2023-45886?

References

CVSS V3.1

Timeline