CVE-2023-45886

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-45886
The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling Exploit
https://my.f5.com/manage/s/article/K000137315 Third Party Advisory
https://www.ipinfusion.com/doc_prod_cat/zebos/ Product
https://www.kb.cert.org/vuls/id/347067 Third Party Advisory US Government Resource
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling Exploit
https://my.f5.com/manage/s/article/K000137315 Third Party Advisory
https://www.ipinfusion.com/doc_prod_cat/zebos/ Product
https://www.kb.cert.org/vuls/id/347067 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:f5:big-ip_next:20.0.1:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:f5:big-ip_next_cloud-native_network_functions:*:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*

Configuration 6 (hide)

cpe:2.3:a:ipinfusion:zebos:*:*:*:*:*:*:*:*
History

21 Nov 2024, 08:27

Type Values Removed Values Added
References () https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling - Exploit () https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling - Exploit
References () https://my.f5.com/manage/s/article/K000137315 - Third Party Advisory () https://my.f5.com/manage/s/article/K000137315 - Third Party Advisory
References () https://www.ipinfusion.com/doc_prod_cat/zebos/ - Product () https://www.ipinfusion.com/doc_prod_cat/zebos/ - Product
References () https://www.kb.cert.org/vuls/id/347067 - Third Party Advisory, US Government Resource () https://www.kb.cert.org/vuls/id/347067 - Third Party Advisory, US Government Resource

29 Nov 2023, 17:09

Type Values Removed Values Added
References () https://www.kb.cert.org/vuls/id/347067 - () https://www.kb.cert.org/vuls/id/347067 - Third Party Advisory, US Government Resource
References () https://my.f5.com/manage/s/article/K000137315 - () https://my.f5.com/manage/s/article/K000137315 - Third Party Advisory
References () https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling - () https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling - Exploit
References () https://www.ipinfusion.com/doc_prod_cat/zebos/ - () https://www.ipinfusion.com/doc_prod_cat/zebos/ - Product
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_next_cloud-native_network_functions:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_next:20.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ipinfusion:zebos:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*
First Time F5
F5 big-ip Next Service Proxy For Kubernetes
Ipinfusion
Ipinfusion zebos
F5 big-ip Local Traffic Manager
F5 big-ip Global Traffic Manager
F5 big-ip Next Cloud-native Network Functions
F5 big-ip Next
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5

21 Nov 2023, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-11-21 06:15

Updated : 2024-11-21 08:27

NVD link : CVE-2023-45886

Mitre link : CVE-2023-45886

CVE.ORG link : CVE-2023-45886

JSON object : View

Products Affected

f5

  • big-ip_local_traffic_manager
  • big-ip_next
  • big-ip_next_cloud-native_network_functions
  • big-ip_global_traffic_manager
  • big-ip_next_service_proxy_for_kubernetes

ipinfusion

  • zebos
CWE
NVD-CWE-noinfo