Lucene search

MitreCVE-2023-41376

HistoryAug 29, 2023 - 4:15 p.m.

CVE-2023-41376

2023-08-2916:15:09

mitre

web.nvd.nist.gov

cve-2023-41376

nokia

sr os

sr linux

bgp

path attributes

vulnerability

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

30.9%

JSON

Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when error-handling update-fault-tolerance is not enabled, mishandle BGP path attributes.

Affected configurations

Nvd

Node

nokiaservice_router_linuxMatch-

nokiaservice_router_operating_systemMatch22.10

VendorProductVersionCPE
nokiaservice_router_linux-cpe:2.3:o:nokia:service_router_linux:-:*:*:*:*:*:*:*
nokiaservice_router_operating_system22.10cpe:2.3:o:nokia:service_router_operating_system:22.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nokia	service_router_linux	-	cpe:2.3:o:nokia:service_router_linux:-:::::::*
nokia	service_router_operating_system	22.10	cpe:2.3:o:nokia:service_router_operating_system:22.10:::::::*

References

blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling

news.ycombinator.com/item?id=37305800

www.nokia.com/networks/technologies/service-router-operating-system/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

30.9%

JSON

Related for CVE-2023-41376