CVE-2018-17539 — Ocnos vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

1.1%

top 21.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Local Traffic Manager Ipinfusion Ocnos Ipinfusion Zebos

Timeline

PublishedDec 28

Latest updateMay 13

Description

The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allow remote attackers to cause a denial of service attack via an autonomous system (AS) path containing 8 or more autonomous system number (ASN) elements.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDipinfusion/ocnos1.3.3.145

▶NVDipinfusion/zebos7.10.6

▶NVDf5/big-ip_local_traffic_manager11.2.1 — 11.6.3+3

🔴Vulnerability Details

GHSA

GHSA-j437-j3mv-3fq3: The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7↗2022-05-13

▶

CVEList

CVE-2018-17539: The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7↗2018-12-28

▶