Denial of Service Vulnerability in IP Infusion ZebOS BGP Daemon
CVE-2023-45886

7.5HIGH

Key Information:

Vendor: F5
Status: Big-ip Next
Vendor: CVE Published:; 21 November 2023

What is CVE-2023-45886?

The BGP daemon (bgpd) in IP Infusion ZebOS versions up to 7.10.6 is susceptible to a denial of service attack. Remote attackers can exploit this vulnerability by sending specifically crafted BGP update messages that contain malformed attributes. This oversight in attribute handling may cause the BGP daemon to crash or become unresponsive, impacting network operations and service availability. Both service providers and organizations using IP Infusion ZebOS should take immediate action to safeguard their networks against possible exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://blog.benjojo.co.uk/post/bgp-path-attributes-grave...

https://www.kb.cert.org/vuls/id/347067

https://www.ipinfusion.com/doc_prod_cat/zebos/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 21, 2023
Vulnerability Reserved
Oct 15, 2023

JSON

F5

What is CVE-2023-45886?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.