PT-2024-12891 · Extreme Networks · Extremexos
Published 2024-11-10 · Updated 2024-11-13 · CVE-2023-40457
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Extreme Networks ExtremeXOS (aka EXOS) version 30.7.1.1
Description
The BGP daemon in Extreme Networks ExtremeXOS mishandles errors in BGP attributes 21 and 25, which allows an attacker to cause a denial of service (BGP session reset). The vendor disputes this issue, stating that it is evaluating support for RFC 7606 as a future feature and that it believes customers have willingly chosen not to require or implement RFC 7606.
Recommendations
For Extreme Networks ExtremeXOS (aka EXOS) version 30.7.1.1, apply the latest patches and follow remediation guidelines to secure your systems. As a temporary workaround, consider restricting access to BGP attributes 21 and 25 to minimize the risk of exploitation.
Generation of Error Message Containing Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Extremexos