Security Advisory Description
The BGP daemon (bgpd) in ZebOS through 7.10.6 allows remote attackers to cause a denial-of-service (DoS) by sending crafted BGP update messages containing a malformed attribute. (CVE-2023-45886)
Impact
This vulnerability may allow a remote unauthenticated attacker to cause a DoS on the BGP peering process.
Note: CVE-2023-45886 is a vulnerability in ZebOS software, a third-party component licensed by F5 as part of the BIG-IP Advanced Routing Module. This module is not enabled by default and requires a separate license. To determine if your system is actively running BIG-IP Advanced Routing Module, refer to K10168: Overview of BGP on the BIG-IP system.