Cisco Patches DoS Flaw in BGP over Ethernet VPN Implementation

Cisco said that changes to its implementation of the Border Gateway Protocol (BGP) over an Ethernet VPN has created a vulnerability in its IOE XE software.

The networking giant has released software updates for IOS XE that patches the issue, which could be exploited remotely without authentication, and cause a crash or corrupt the BGP routing table, resulting in network instability.

The flaw, CVE-2017-12319, is traced to a change in the implementation of RFC 7432, which is the BGP MPLS-based Ethernet VPN. The implementation change, Cisco said, happened between IOS XE releases. IOS XE is Cisco’s proprietary operating systems that automates network operations and manage wired and wireless networks. Cisco said that all releases of IOS XE prior to 16.3 that support BGP over Ethernet VPN configurations are vulnerable. Any devices not configured for an Ethernet VPN are not vulnerable, Cisco said.

“When the BGP Inclusive Multicast Ethernet Tag Route or BGP EVPN MAC/IP Advertisement Route update packet is received, it could be possible that the IP address length field is miscalculated,” Cisco said in an advisory released Friday. “An attacker could exploit this vulnerability by sending a crafted BGP packet to an affected device after the BGP session was established. An exploit could allow the attacker to cause the affected device to reload or corrupt the BGP routing table; either outcome would result in a DoS.”

Cisco said that since its BGP implementation accepts packets only from defined peers, attackers must send malicious TCP packets and make them appear to originate from a trusted BGP peer. An attacker could also inject malicious messages into the victim’s BGP network, Cisco said.

“This would require obtaining information about the BGP peers in the affected system’s trusted network,” Cisco said. “The vulnerability may be triggered when the router receives a crafted BGP message from a peer on an existing BGP session. At least one BGP neighbor session must be established for a router to be vulnerable.”

Source: ThreatPost

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!