Vulnerability Description
The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | Big-Ip Next | 20.0.1 |
| F5 | Big-Ip Next Service Proxy For Kubernetes | >= 1.5.0, <= 1.8.2 |
| F5 | Big-Ip Next Cloud-Native Network Functions | >= 1.1.0, <= 1.1.1 |
| F5 | Big-Ip Local Traffic Manager | >= 13.1.0, <= 13.1.5 |
| F5 | Big-Ip Global Traffic Manager | >= 13.1.0, <= 13.1.5 |
| Ipinfusion | Zebos | <= 7.10.6 |
References
- https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handlingExploit
- https://my.f5.com/manage/s/article/K000137315Third Party Advisory
- https://www.ipinfusion.com/doc_prod_cat/zebos/Product
- https://www.kb.cert.org/vuls/id/347067Third Party AdvisoryUS Government Resource
- https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handlingExploit
- https://my.f5.com/manage/s/article/K000137315Third Party Advisory
- https://www.ipinfusion.com/doc_prod_cat/zebos/Product
- https://www.kb.cert.org/vuls/id/347067Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2023-45886?
CVE-2023-45886 is a vulnerability with a CVSS score of 7.5 (HIGH). The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute.
How severe is CVE-2023-45886?
CVE-2023-45886 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-45886?
Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Next, F5 Big-Ip Next Service Proxy For Kubernetes, F5 Big-Ip Next Cloud-Native Network Functions, F5 Big-Ip Local Traffic Manager, F5 Big-Ip Global Traffic Manager.