CVE-2023-40457 Information

Description

The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected network) to cause a denial of service (BGP session reset) because of BGP attribute error mishandling (for attributes 21 and 25). NOTE: the vendor disputes this because it is evaluating support for RFC 7606 as a future feature and believes that

Reference

https://supportdocs.extremenetworks.com/support/documentation/extremexos-32-5/
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling
https://blog.benjojo.co.uk/asset/JgH8G5duO1
