Vulnerability Details CVE-2017-4920
The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement (LSA). A rogue LSA may exploit this issue resulting in continuous sending of LSAs between two routers eventually going in loop or loss of connectivity.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.0%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 7.1
References
Products affected by CVE-2017-4920
-
cpe:2.3:a:vmware:nsx-v_edge:6.2.0
-
cpe:2.3:a:vmware:nsx-v_edge:6.2.1
-
cpe:2.3:a:vmware:nsx-v_edge:6.2.2
-
cpe:2.3:a:vmware:nsx-v_edge:6.2.4
-
cpe:2.3:a:vmware:nsx-v_edge:6.2.5
-
cpe:2.3:a:vmware:nsx-v_edge:6.2.6
-
cpe:2.3:a:vmware:nsx-v_edge:6.2.7
-
cpe:2.3:a:vmware:nsx-v_edge:6.3.0
-
cpe:2.3:a:vmware:nsx-v_edge:6.3.1
-
cpe:2.3:a:vmware:nsx-v_edge:6.3.2