Lucene search

K
nvd[email protected]NVD:CVE-2017-15865
HistoryNov 08, 2017 - 8:29 p.m.

CVE-2017-15865

2017-11-0820:29:00
CWE-200
web.nvd.nist.gov
2

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

High

EPSS

0.003

Percentile

70.8%

bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492).

Affected configurations

Nvd
Node
frroutingfrroutingRange<2.0.2
OR
frroutingfrroutingMatch3.0
OR
frroutingfrroutingMatch3.0rc0
OR
frroutingfrroutingMatch3.0rc1
OR
frroutingfrroutingMatch3.0rc2
OR
frroutingfrroutingMatch3.0rc3
OR
frroutingfrroutingMatch3.0.1
AND
cumulusnetworkscumulus_linuxRange<3.4.3
VendorProductVersionCPE
frroutingfrrouting*cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*
frroutingfrrouting3.0cpe:2.3:a:frrouting:frrouting:3.0:*:*:*:*:*:*:*
frroutingfrrouting3.0cpe:2.3:a:frrouting:frrouting:3.0:rc0:*:*:*:*:*:*
frroutingfrrouting3.0cpe:2.3:a:frrouting:frrouting:3.0:rc1:*:*:*:*:*:*
frroutingfrrouting3.0cpe:2.3:a:frrouting:frrouting:3.0:rc2:*:*:*:*:*:*
frroutingfrrouting3.0cpe:2.3:a:frrouting:frrouting:3.0:rc3:*:*:*:*:*:*
frroutingfrrouting3.0.1cpe:2.3:a:frrouting:frrouting:3.0.1:*:*:*:*:*:*:*
cumulusnetworkscumulus_linux*cpe:2.3:o:cumulusnetworks:cumulus_linux:*:*:*:*:*:*:*:*

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

High

EPSS

0.003

Percentile

70.8%