CVE-2018-17539 - OpenCVE

The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allow remote attackers to cause a denial of service attack via an autonomous system (AS) path containing 8 or more autonomous system number (ASN) elements.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
F5	Big-ip Local Traffic Manager
Ipinfusion	Ocnos Zebos

Configuration 1 [-]

OR	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager:14.0.0:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:ipinfusion:ocnos::::::::
	cpe:2.3:a:ipinfusion:zebos::::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/106367
https://support.f5.com/csp/article/K17264695

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-12-28T15:00:00

Updated: 2024-08-05T10:54:09.299Z

Reserved: 2018-09-26T00:00:00

Link: CVE-2018-17539

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-12-28T16:29:02.347

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-17539

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-12-27T00:00:00", "descriptions": [{"lang": "en", "value": "The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allow remote attackers to cause a denial of service attack via an autonomous system (AS) path containing 8 or more autonomous system number (ASN) elements."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-01-01T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K17264695"}, {"name": "106367", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106367"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-17539", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allow remote attackers to cause a denial of service attack via an autonomous system (AS) path containing 8 or more autonomous system number (ASN) elements."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://support.f5.com/csp/article/K17264695", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K17264695"}, {"name": "106367", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106367"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:54:09.299Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K17264695"}, {"name": "106367", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/106367"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-17539", "datePublished": "2018-12-28T15:00:00", "dateReserved": "2018-09-26T00:00:00", "dateUpdated": "2024-08-05T10:54:09.299Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "16F3D25A-7050-4A98-B3B5-3539FCC417AE", "versionEndIncluding": "11.6.3", "versionStartIncluding": "11.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CD4DFE3-9071-4808-AE24-2CCA5DB5BA80", "versionEndIncluding": "12.1.3", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B83479FA-82FB-4F71-9B98-E683745DB49E", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:14.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E734E1C-A92F-4394-8F33-4429161BE47C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ipinfusion:ocnos:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9F78679-BFB3-4170-8234-1A320FEB43DF", "versionEndIncluding": "1.3.3.145", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipinfusion:zebos:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C3498D8-B387-4E26-AF1D-80D43DDC5E47", "versionEndIncluding": "7.10.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allow remote attackers to cause a denial of service attack via an autonomous system (AS) path containing 8 or more autonomous system number (ASN) elements."}, {"lang": "es", "value": "El demonio BGP (bgpd) en todas las versiones hasta la 7.10.6 de IP Infusion ZebOS y todas las versiones de OcNOS hasta la 1.3.3.145 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (DoS) mediante una ruta de sistema aut\u00f3nomo (AS) que contiene 8 o m\u00e1s elementos de n\u00fameros de sistema aut\u00f3nomo (ASN)."}], "id": "CVE-2018-17539", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-12-28T16:29:02.347", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106367"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.f5.com/csp/article/K17264695"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}