PT-2023-5089 · Pica8+10 · Pica8 Picos+10
Greyface-On · Published 2023-08-28 · Updated 2024-11-28
CVE-2023-38802
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
FRRouting FRR versions 7.5.1 through 9.0
Pica8 PICOS version 4.3.3.2
PAN-OS (affected versions not specified)
Description
The vulnerability stems from improper handling of input data in BGP: a remote attacker can cause a denial of service by sending specially crafted BGP UPDATE messages. Specifically, an UPDATE carrying a corrupted path attribute 23 (Tunnel Encapsulation) triggers the failure. The actual impact of the denial of service on the network depends on the network's architecture and its fault-tolerance design.
Recommendations
For FRRouting FRR versions 7.5.1 through 9.0, consider disabling the BGP routing feature until a patch is available.
For Pica8 PICOS version 4.3.3.2, restrict access to the BGP update feature to minimize the risk of exploitation.
For PAN-OS, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Affected Products
ALT Linux
AlmaLinux
CentOS
FRRouting FRR
Linux Mint
PAN-OS
Pica8 PICOS
Red Hat
RED OS
SUSE
Ubuntu