Lucene search

VmwareCVELIST:CVE-2024-22279

HistoryJun 10, 2024 - 7:47 p.m.

CVE-2024-22279 GoRouter Denial of Service Attack

2024-06-1019:47:43

CWE-444

vmware

www.cve.org

cve-2024-22279

gorouter

denial of service

improper handling

unauthenticated attacker

cloud foundry

service availability

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an unauthenticated attacker to degrade
the service availability of the Cloud Foundry deployment if performed at scale.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Routing Release",
    "vendor": "Cloud Foundry",
    "versions": [
      {
        "lessThanOrEqual": "v0.297.0",
        "status": "affected",
        "version": "v0.273.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cloudfoundry.org/blog/cve-2024-22279-gorouter-denial-of-service-attack/

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for CVELIST:CVE-2024-22279