CVE-2017-4920

Опубликовано: 05 дек. 2017

Источник: nvd

CVSS3: 5.9

CVSS2: 7.1

EPSS Низкий

Описание

The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement (LSA). A rogue LSA may exploit this issue resulting in continuous sending of LSAs between two routers eventually going in loop or loss of connectivity.

Ссылки

http://www.securityfocus.com/bid/100277
Third Party Advisory
VDB Entry
https://www.vmware.com/security/advisories/VMSA-2017-0014.html
Vendor Advisory
http://www.securityfocus.com/bid/100277
Third Party Advisory
VDB Entry
https://www.vmware.com/security/advisories/VMSA-2017-0014.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vmware:nsx-v_edge:*:*:*:*:*:*:*:*

Версия от 6.2.0 (включая) до 6.2.8 (исключая)

cpe:2.3:a:vmware:nsx-v_edge:*:*:*:*:*:*:*:*

Версия от 6.3.0 (включая) до 6.3.3 (исключая)

EPSS

Процентиль: 52%

0.0029

Низкий

5.9 Medium

CVSS3

7.1 High

CVSS2

Дефекты

CWE-400

Связанные уязвимости

GHSA-qpm6-fwxq-72v2