CVE-2021-26928

BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD (which may, for example, include Tigera products in some configurations, as well as products of other vendors) may have been susceptible to route redirection for Denial of Service and/or Information Disclosure. NOTE: a researcher has asserted that the behavior is within Tigera’s area of responsibility; however, Tigera disagrees
Configurations

Configuration 1 (hide)

cpe:2.3:a:nic:bird:*:*:*:*:*:*:*:*

History

07 Nov 2023, 03:31

Type Values Removed Values Added
Summary ** DISPUTED ** BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD (which may, for example, include Tigera products in some configurations, as well as products of other vendors) may have been susceptible to route redirection for Denial of Service and/or Information Disclosure. NOTE: a researcher has asserted that the behavior is within Tigera’s area of responsibility; however, Tigera disagrees. BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD (which may, for example, include Tigera products in some configurations, as well as products of other vendors) may have been susceptible to route redirection for Denial of Service and/or Information Disclosure. NOTE: a researcher has asserted that the behavior is within Tigera’s area of responsibility; however, Tigera disagrees

16 Jun 2021, 13:47

Type Values Removed Values Added
CPE cpe:2.3:a:nic:bird:*:*:*:*:*:*:*:*
CWE CWE-306
CVSS v2 : unknown
v3 : unknown
v2 : 4.9
v3 : 6.8
References (MISC) https://www.cyberark.com/resources/threat-research-blog/attacking-kubernetes-clusters-through-your-network-plumbing-part-2 - (MISC) https://www.cyberark.com/resources/threat-research-blog/attacking-kubernetes-clusters-through-your-network-plumbing-part-2 - Exploit, Mitigation, Third Party Advisory

04 Jun 2021, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-06-04 21:15

Updated : 2024-07-03 01:36


NVD link : CVE-2021-26928

Mitre link : CVE-2021-26928

CVE.ORG link : CVE-2021-26928


JSON object : View

Products Affected

nic

  • bird
CWE
CWE-306

Missing Authentication for Critical Function