CVE-2017-4920 — Uncontrolled Resource Consumption in Vmware Nsx-v Edge

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

5.9MEDIUMNVD

EPSS

0.3%

top 47.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Nsx-v Edge Vmware NSX Vmware Vsphere

Timeline

PublishedDec 5

Latest updateMay 14

Description

The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement (LSA). A rogue LSA may exploit this issue resulting in continuous sending of LSAs between two routers eventually going in loop or loss of connectivity.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶NVDvmware/nsx-v_edge6.2.0 — 6.2.8+1

▶CVEListV5vmware/nsx-v_edge6.2.x prior to 6.2.8, 6.3.x prior to 6.3.3+1

▶vmwarevmware/vsphere

▶vmwarevmware/vmware_nsx

🔴Vulnerability Details

GHSA

GHSA-qpm6-fwxq-72v2: The implementation of the OSPF protocol in VMware NSX-V Edge 6↗2022-05-14

▶

📋Vendor Advisories

VMware

VMware NSX-V Edge updates address OSPF Protocol LSA DoS↗2017-08-10

▶