CVE-2023-34061

Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:pivotal:cloud_foundry_deployment::::::::
	cpe:2.3:a:pivotal:cloud_foundry_routing_release::::::::

History

18 Jan 2024, 20:24

Type	Values Removed	Values Added
References	~~() https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/ -~~	() https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/ - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CPE		cpe:2.3:a:pivotal:cloud_foundry_deployment:::::::: cpe:2.3:a:pivotal:cloud_foundry_routing_release::::::::
CWE		CWE-400
First Time		Pivotal Pivotal cloud Foundry Deployment Pivotal cloud Foundry Routing Release

12 Jan 2024, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-12 07:15

Updated : 2024-02-28 20:54

NVD link : CVE-2023-34061

Mitre link : CVE-2023-34061

CVE.ORG link : CVE-2023-34061

JSON object : View

Products Affected

pivotal

cloud_foundry_routing_release
cloud_foundry_deployment

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2023-34061", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security@vmware.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-01-12T07:15:11.747", "references": [{"url": "https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/", "tags": ["Vendor Advisory"], "source": "security@vmware.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.\n\n\n\n"}, {"lang": "es", "value": "Las versiones de enrutamiento de Cloud Foundry desde v0.163.0 hasta v0.283.0 son vulnerables a un ataque de DOS. Un atacante no autenticado puede utilizar esta vulnerabilidad para forzar la poda de rutas y, por lo tanto, degradar la disponibilidad del servicio de la implementaci\u00f3n de Cloud Foundry."}], "lastModified": "2024-01-18T20:24:41.583", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pivotal:cloud_foundry_deployment:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E860CEF6-3AB5-4ADF-B1A6-4D05A5F5390B", "versionEndIncluding": "33.5.0", "versionStartIncluding": "0.28.0"}, {"criteria": "cpe:2.3:a:pivotal:cloud_foundry_routing_release:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66D0AA37-1922-486B-86C9-59E96F1B6E1E", "versionEndIncluding": "0.283.0", "versionStartIncluding": "0.163.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@vmware.com"}