{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-40457", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-11-12T17:23:10.854Z", "dateReserved": "2023-08-14T00:00:00", "datePublished": "2024-11-10T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-11-10T23:53:50.333176"}, "descriptions": [{"lang": "en", "value": "The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected network) to cause a denial of service (BGP session reset) because of BGP attribute error mishandling (for attribute 21 and 25). NOTE: the vendor disputes this because it is \"evaluating support for RFC 7606 as a future feature\" and believes that \"customers that have chosen to not require or implement RFC 7606 have done so willingly and with knowledge of what is needed to defend against these types of attacks.\""}], "tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://supportdocs.extremenetworks.com/support/documentation/extremexos-32-5/"}, {"url": "https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling"}, {"url": "https://blog.benjojo.co.uk/asset/JgH8G5duO1"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-209", "lang": "en", "description": "CWE-209 Generation of Error Message Containing Sensitive Information"}]}], "affected": [{"vendor": "extremenetworks", "product": "extremeos", "cpes": ["cpe:2.3:o:extremenetworks:extremeos:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "30.7.1.1", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-12T17:18:34.173848Z", "id": "CVE-2023-40457", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-12T17:23:10.854Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-40457", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-12T17:18:34.173848Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:extremenetworks:extremeos:*:*:*:*:*:*:*:*"], "vendor": "extremenetworks", "product": "extremeos", "versions": [{"status": "affected", "version": "30.7.1.1"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-12T17:23:05.822Z"}}], "cna": {"tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://supportdocs.extremenetworks.com/support/documentation/extremexos-32-5/"}, {"url": "https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling"}, {"url": "https://blog.benjojo.co.uk/asset/JgH8G5duO1"}], "descriptions": [{"lang": "en", "value": "The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected network) to cause a denial of service (BGP session reset) because of BGP attribute error mishandling (for attribute 21 and 25). NOTE: the vendor disputes this because it is \"evaluating support for RFC 7606 as a future feature\" and believes that \"customers that have chosen to not require or implement RFC 7606 have done so willingly and with knowledge of what is needed to defend against these types of attacks.\""}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-11-10T23:53:50.333176"}}}, "cveMetadata": {"cveId": "CVE-2023-40457", "state": "PUBLISHED", "dateUpdated": "2024-11-12T17:23:10.854Z", "dateReserved": "2023-08-14T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-11-10T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected network) to cause a denial of service (BGP session reset) because of BGP attribute error mishandling (for attribute 21 and 25). NOTE: the vendor disputes this because it is \"evaluating support for RFC 7606 as a future feature\" and believes that \"customers that have chosen to not require or implement RFC 7606 have done so willingly and with knowledge of what is needed to defend against these types of attacks.\""}, {"lang": "es", "value": "El daemon BGP en Extreme Networks ExtremeXOS (tambi\u00e9n conocido como EXOS) 30.7.1.1 permite que un atacante (que no est\u00e1 en una red conectada directamente) provoque una denegaci\u00f3n de servicio (reinicio de sesi\u00f3n BGP) debido a un manejo incorrecto de errores de atributos BGP (para los atributos 21 y 25). NOTA: el proveedor lo niega porque est\u00e1 \"evaluando la compatibilidad con RFC 7606 como una caracter\u00edstica futura\" y cree que \"los clientes que han optado por no requerir o implementar RFC 7606 lo han hecho voluntariamente y con conocimiento de lo que se necesita para defenderse contra este tipo de ataques\"."}], "id": "CVE-2023-40457", "lastModified": "2024-11-12T18:35:01.990", "metrics": {}, "published": "2024-11-11T00:15:13.817", "references": [{"source": "cve@mitre.org", "url": "https://blog.benjojo.co.uk/asset/JgH8G5duO1"}, {"source": "cve@mitre.org", "url": "https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling"}, {"source": "cve@mitre.org", "url": "https://supportdocs.extremenetworks.com/support/documentation/extremexos-32-5/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}