CVE-2023-34061 - OpenCVE

Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pivotal	Cloud Foundry Deployment Cloud Foundry Routing Release

Configuration 1 [-]

OR	cpe:2.3:a:pivotal:cloud_foundry_deployment::::::::
	cpe:2.3:a:pivotal:cloud_foundry_routing_release::::::::

No data.

References

Link	Providers
https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/

History

No history.

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2024-01-12T07:01:49.532Z

Updated: 2024-08-02T16:01:53.639Z

Reserved: 2023-05-25T17:21:56.204Z

Link: CVE-2023-34061

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2024-01-12T07:15:11.747

Modified: 2024-01-18T20:24:41.583

Link: CVE-2023-34061

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-34061", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2023-05-25T17:21:56.204Z", "datePublished": "2024-01-12T07:01:49.532Z", "dateUpdated": "2024-08-02T16:01:53.639Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Routing Release", "vendor": "Cloud Foundry", "versions": [{"lessThan": "0.284.0", "status": "affected", "version": "0.163.0", "versionType": "0.284.0"}]}, {"defaultStatus": "unaffected", "product": "CF deployment", "vendor": "Cloud Foundry", "versions": [{"lessThan": "33.6.0", "status": "affected", "version": "0.28.0", "versionType": "33.6.0"}]}], "datePublic": "2023-12-07T14:32:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.</p><br><br>"}], "value": "Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-01-12T07:01:49.532Z"}, "references": [{"url": "https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/"}], "source": {"discovery": "UNKNOWN"}, "title": "CVE-2023-34061 \u2013 Gorouter route pruning", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:01:53.639Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pivotal:cloud_foundry_deployment:*:*:*:*:*:*:*:*", "matchCriteriaId": "E860CEF6-3AB5-4ADF-B1A6-4D05A5F5390B", "versionEndIncluding": "33.5.0", "versionStartIncluding": "0.28.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal:cloud_foundry_routing_release:*:*:*:*:*:*:*:*", "matchCriteriaId": "66D0AA37-1922-486B-86C9-59E96F1B6E1E", "versionEndIncluding": "0.283.0", "versionStartIncluding": "0.163.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.\n\n\n\n"}, {"lang": "es", "value": "Las versiones de enrutamiento de Cloud Foundry desde v0.163.0 hasta v0.283.0 son vulnerables a un ataque de DOS. Un atacante no autenticado puede utilizar esta vulnerabilidad para forzar la poda de rutas y, por lo tanto, degradar la disponibilidad del servicio de la implementaci\u00f3n de Cloud Foundry."}], "id": "CVE-2023-34061", "lastModified": "2024-01-18T20:24:41.583", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2024-01-12T07:15:11.747", "references": [{"source": "security@vmware.com", "tags": ["Vendor Advisory"], "url": "https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}