CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
70.8%
bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492).
Vendor | Product | Version | CPE |
---|---|---|---|
frrouting | frrouting | * | cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:* |
frrouting | frrouting | 3.0 | cpe:2.3:a:frrouting:frrouting:3.0:*:*:*:*:*:*:* |
frrouting | frrouting | 3.0 | cpe:2.3:a:frrouting:frrouting:3.0:rc0:*:*:*:*:*:* |
frrouting | frrouting | 3.0 | cpe:2.3:a:frrouting:frrouting:3.0:rc1:*:*:*:*:*:* |
frrouting | frrouting | 3.0 | cpe:2.3:a:frrouting:frrouting:3.0:rc2:*:*:*:*:*:* |
frrouting | frrouting | 3.0 | cpe:2.3:a:frrouting:frrouting:3.0:rc3:*:*:*:*:*:* |
frrouting | frrouting | 3.0.1 | cpe:2.3:a:frrouting:frrouting:3.0.1:*:*:*:*:*:*:* |
cumulusnetworks | cumulus_linux | * | cpe:2.3:o:cumulusnetworks:cumulus_linux:*:*:*:*:*:*:*:* |
www.securityfocus.com/bid/101794
frrouting.org/community/security.html
lists.cumulusnetworks.com/pipermail/cumulus-security-announce/2017-November/000009.html
support.cumulusnetworks.com/hc/en-us/articles/115014754307#rn690
support.cumulusnetworks.com/hc/en-us/articles/115014778107-CVE-2017-15865-Malformed-BGP-UPDATE-Triggers-Information-Disclosure
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
70.8%