Denial of service in VMware NSX-V Edge - CVE-2017-4920
Published: August 11, 2017 / Updated: August 15, 2017
Vulnerability identifier: #VU7876
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-4920
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: VMware, Inc
Affected software:
VMware NSX-V Edge
Detailed vulnerability description
The vulnerability allows a local attacker to cause a denial-of-service (DoS) condition on the target system.
The weakness exists due to improper handling of the link-state advertisement (LSA) by the implementation of the OSPF protocol. A local attacker can continuously send a malicious LSA between two routers and cause the system to stop functioning properly.
Successful exploitation of the vulnerability results in denial of service.
How to mitigate CVE-2017-4920
Update to version 6.2.8 or 6.3.3.