Lucene search

VmwareVULNRICHMENT:CVE-2024-22279

HistoryJun 10, 2024 - 7:47 p.m.

CVE-2024-22279 GoRouter Denial of Service Attack

2024-06-1019:47:43

CWE-444

vmware

github.com

improper handling

gorouter

denial of service

cloud foundry deployment

unauthenticated attacker

service availability

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an unauthenticated attacker to degrade
the service availability of the Cloud Foundry deployment if performed at scale.

CNA Affected

[
  {
    "vendor": "Cloud Foundry",
    "product": "Routing Release",
    "versions": [
      {
        "status": "affected",
        "version": "v0.273.0",
        "versionType": "custom",
        "lessThanOrEqual": "v0.297.0"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.cloudfoundry.org/blog/cve-2024-22279-gorouter-denial-of-service-attack/

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for VULNRICHMENT:CVE-2024-22279