Cisco patches a DoS vulnerability in IOE XE software that was introduced due to changes to its implementation of the Border Gateway Protocol (BGP) over an Ethernet VPN.
The Cisco IOS XE operating system automates network operations and manages wired and wireless networks.
The vulnerability in the IOS XE, tracked as CVE-2017-12319, could be exploited remotely by an unauthenticated attacker to cause a DoS condition by crashing or corrupting the BGP routing table.
The flaw is linked is to a change in the implementation of the BGP MPLS-based Ethernet VPN(RFC 7432).
“A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability.” reads the Cisco security advisory.
The implementation change happened between IOS XE releases, releases prior to 16.3 that support BGP over Ethernet VPN configurations are vulnerable.
Cisco warned that only devices configured for an Ethernet VPN are vulnerable.
“When the BGP Inclusive Multicast Ethernet Tag Route or BGP EVPN MAC/IP Advertisement Route update packet is received, it could be possible that the IP address length field is miscalculated,” continues the Cisco advisory. “An attacker could exploit this vulnerability by sending a crafted BGP packet to an affected device after the BGP session was established. An exploit could allow the attacker to cause the affected device to reload or corrupt the BGP routing table; either outcome would result in a DoS.”
CISCO BGP implementation accepts packets only from defined peers, attackers must send malicious TCP packets spoofing the identity of a trusted BGP peer. An attacker could also inject malicious messages into the target BGP network.
“This would require obtaining information about the BGP peers in the affected system’s trusted network,” Cisco added. “The vulnerability may be triggered when the router receives a crafted BGP message from a peer on an existing BGP session. At least one BGP neighbor session must be established for a router to be vulnerable.”
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.