The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allow remote attackers to cause a denial of service attack via an autonomous system (AS) path containing 8 or more autonomous system number (ASN) elements.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| f5 | big-ip_local_traffic_manager | 14.0.0 |
| f5 | big-ip_local_traffic_manager | * |
| ipinfusion | zebos | * |
| ipinfusion | ocnos | * |
The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| f5 | big-ip_global_traffic_manager | * |
| f5 | big-ip_next_cloud-native_network_functions | * |
| f5 | big-ip_next_service_proxy_for_kubernetes | * |
| f5 | big-ip_local_traffic_manager | * |
| ipinfusion | zebos | * |
| f5 | big-ip_next | 20.0.1 |