CVE-2023-41376

Published: Aug 29, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when error-handling update-fault-tolerance is not enabled, mishandle BGP path attributes.

Affected (2)

Products: Nokia: Service Router Linux, Service Router Operating System

Nokia

2 products

Service Router Linux

Service Router Operating System

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Nokia Service Router Linux	All versions
Nokia Service Router Operating System	Version 22.10

Related CWEs

CWE-670

Always-Incorrect Control Flow Implementation

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

References (6)

https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling

Source: cve@mitre.org

ExploitThird Party Advisory

https://news.ycombinator.com/item?id=37305800

Source: cve@mitre.org

Issue Tracking

https://www.nokia.com/networks/technologies/service-router-operating-system/

Source: cve@mitre.org

Product

https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://news.ycombinator.com/item?id=37305800

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://www.nokia.com/networks/technologies/service-router-operating-system/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.