Vulnerability Description
BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD (which may, for example, include Tigera products in some configurations, as well as products of other vendors) may have been susceptible to route redirection for Denial of Service and/or Information Disclosure. NOTE: a researcher has asserted that the behavior is within Tigera’s area of responsibility; however, Tigera disagrees.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nic | Bird | <= 2.0.7 |
Related Weaknesses (CWE)
References
- https://www.cyberark.com/resources/threat-research-blog/attacking-kubernetes-clu (Exploit, Mitigation, Third Party Advisory)
- https://www.cyberark.com/resources/threat-research-blog/attacking-kubernetes-clu (Exploit, Mitigation, Third Party Advisory)
FAQ
What is CVE-2021-26928?
CVE-2021-26928 is a vulnerability with a CVSS score of 6.8 (MEDIUM). BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD (which may, for example, include Tigera products in some configurati...
How severe is CVE-2021-26928?
CVE-2021-26928 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-26928?
Check the references section above for vendor advisories and patch information. Affected products include: Nic Bird.