CVE-2023-45886

HIGH

F5 BIG-IP Next and ZebOS - Denial of Service via Malformed BGP Update Attribute

Title source: llm

Description

The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute.

References (4)

Core 4

Core References

Exploit

https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling

Third Party Advisory

https://my.f5.com/manage/s/article/K000137315

Product

https://www.ipinfusion.com/doc_prod_cat/zebos/

Third Party Advisory, US Government Resource

https://www.kb.cert.org/vuls/id/347067

Scores

CVSS v3 7.5

EPSS 0.0031

EPSS Percentile 54.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (6)

f5/big-ip_global_traffic_manager 13.1.0 - 13.1.5

f5/big-ip_local_traffic_manager 13.1.0 - 13.1.5

f5/big-ip_next 20.0.1

f5/big-ip_next_cloud-native_network_functions 1.1.0 - 1.1.1

f5/big-ip_next_service_proxy_for_kubernetes 1.5.0 - 1.8.2

ipinfusion/zebos < 7.10.6

Published Nov 21, 2023

Tracked Since Feb 18, 2026