CVE-2023-34061

Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:pivotal:cloud_foundry_deployment::::::::
	cpe:2.3:a:pivotal:cloud_foundry_routing_release::::::::

History

18 Jan 2024, 20:24

Type	Values Removed	Values Added
References	~~() https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/ -~~	() https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/ - Vendor Advisory
CWE		CWE-400
First Time		Pivotal cloud Foundry Routing Release Pivotal Pivotal cloud Foundry Deployment
CPE		cpe:2.3:a:pivotal:cloud_foundry_routing_release:::::::: cpe:2.3:a:pivotal:cloud_foundry_deployment::::::::

12 Jan 2024, 13:47

Type	Values Removed	Values Added
Summary		(es) Las versiones de enrutamiento de Cloud Foundry desde v0.163.0 hasta v0.283.0 son vulnerables a un ataque de DOS. Un atacante no autenticado puede utilizar esta vulnerabilidad para forzar la poda de rutas y, por lo tanto, degradar la disponibilidad del servicio de la implementación de Cloud Foundry.

12 Jan 2024, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-12 07:15

Updated : 2024-01-18 20:24

NVD link : CVE-2023-34061

Mitre link : CVE-2023-34061

CVE.ORG link : CVE-2023-34061

JSON object : View

Products Affected

pivotal

cloud_foundry_deployment
cloud_foundry_routing_release

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2023-34061", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security@vmware.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-01-12T07:15:11.747", "references": [{"url": "https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/", "tags": ["Vendor Advisory"], "source": "security@vmware.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.\n\n\n\n"}, {"lang": "es", "value": "Las versiones de enrutamiento de Cloud Foundry desde v0.163.0 hasta v0.283.0 son vulnerables a un ataque de DOS. Un atacante no autenticado puede utilizar esta vulnerabilidad para forzar la poda de rutas y, por lo tanto, degradar la disponibilidad del servicio de la implementaci\u00f3n de Cloud Foundry."}], "lastModified": "2024-01-18T20:24:41.583", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pivotal:cloud_foundry_deployment:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E860CEF6-3AB5-4ADF-B1A6-4D05A5F5390B", "versionEndIncluding": "33.5.0", "versionStartIncluding": "0.28.0"}, {"criteria": "cpe:2.3:a:pivotal:cloud_foundry_routing_release:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66D0AA37-1922-486B-86C9-59E96F1B6E1E", "versionEndIncluding": "0.283.0", "versionStartIncluding": "0.163.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@vmware.com"}