First published: Wed Jan 22 2020
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn
Credit: These vulnerabilities were found by Mrinmoy Ghosh of Cisco during internal security testing.
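The advisory does not describe the specific malformation, so the example below, added here and not taken from Cisco or the advisory, illustrates the general defensive posture against this failure class: a BGP UPDATE path-attribute walker that checks every declared length (including the next-hop length inside an MP_REACH_NLRI carrying EVPN, AFI 25 / SAFI 70) against the bytes actually present and reports an error, which a caller can turn into the RFC 7606 "treat-as-withdraw" action rather than a process crash. The function and constant names are the author's own, and the sample attribute bytes are constructed, not captured traffic.

```python
import struct

# RFC 7432: EVPN NLRI uses AFI 25 / SAFI 70; RFC 4760: MP_REACH_NLRI is attribute type 14.
AFI_L2VPN, SAFI_EVPN, ATTR_MP_REACH_NLRI = 25, 70, 14

def _result(attrs, evpn, error=None):
    return {"attrs": attrs, "evpn": evpn, "error": error}

def parse_path_attributes(data: bytes) -> dict:
    """Walk the Path Attributes field of a BGP UPDATE (RFC 4271 section 4.3).

    Every declared length is checked against the bytes actually present before
    it is used; an inconsistency is reported in "error" instead of trusted, so the
    caller can treat the UPDATE as a withdraw (RFC 7606) rather than read past it.
    """
    attrs, pos, evpn = [], 0, False
    while pos < len(data):
        if len(data) - pos < 3:
            return _result(attrs, evpn, "truncated attribute header")
        flags, type_code = data[pos], data[pos + 1]
        extended = bool(flags & 0x10)  # Extended Length bit: 2-byte length field
        hdr = 4 if extended else 3
        if len(data) - pos < hdr:
            return _result(attrs, evpn, "truncated extended-length header")
        length = struct.unpack_from("!H", data, pos + 2)[0] if extended else data[pos + 2]
        start, end = pos + hdr, pos + hdr + length
        if end > len(data):
            return _result(attrs, evpn, f"attribute {type_code} length {length} overruns message")
        value = data[start:end]
        if type_code == ATTR_MP_REACH_NLRI:
            # Layout: AFI(2) SAFI(1) NextHopLen(1) NextHop(n) Reserved(1) NLRI(...)
            if len(value) < 5:
                return _result(attrs, evpn, "MP_REACH_NLRI shorter than its fixed header")
            afi, safi, nh_len = struct.unpack_from("!HBB", value, 0)
            if 4 + nh_len + 1 > len(value):
                return _result(attrs, evpn, f"MP_REACH_NLRI next-hop length {nh_len} overruns attribute")
            evpn = (afi, safi) == (AFI_L2VPN, SAFI_EVPN)
        attrs.append((type_code, value))
        pos = end
    return _result(attrs, evpn)

# Constructed sample attributes (not captured traffic): ORIGIN=IGP, then an
# MP_REACH_NLRI for EVPN with a 4-byte next hop 192.0.2.1 and an empty NLRI.
ORIGIN_IGP = bytes([0x40, 0x01, 0x01, 0x00])
EVPN_OK = bytes([0x80, 0x0E, 0x09, 0x00, 0x19, 0x46, 0x04, 192, 0, 2, 1, 0x00])
# Same outer framing, but the inner next-hop length claims 32 bytes that are not present.
EVPN_BAD_NEXTHOP = bytes([0x80, 0x0E, 0x09, 0x00, 0x19, 0x46, 0x20, 192, 0, 2, 1, 0x00])
```

Running `parse_path_attributes(ORIGIN_IGP + EVPN_BAD_NEXTHOP)` returns an error for the inner next-hop length even though the outer attribute framing is consistent, which is the kind of second-level length check a robust UPDATE parser needs.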
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco IOS XRv 9000 | =7.0.1<XRV9K=7.0.1<NCS5500=7.0.1<NCS560=7.0.1<NCS540L=7.0.1<NCS540=7.0.1<NCS6K=7.0.1<NCS5K=7.0.1<NCS1K=7.0.1<ASR9K-X64=6.6.25<NCS5500=6.6.25<NCS560=6.6.25<NCS540L=6.6.25<NCS540=6.6.2<XRV9K>=6.6.2<=6.6.2<NCS5K=6.6.2<ASR9K-X64=6.6.2<ASR9K=6.6.1<NCS6K=6.6.1<NCS540=6.6.1<ASR9K-X64=6.6.1<NCS5500 | XRV9K NCS5500 NCS560 NCS540L NCS540 NCS6K NCS5K NCS1K ASR9K-X64 NCS5500 NCS560 NCS540L NCS540 XRV9K NCS5K ASR9K-X64 ASR9K NCS6K NCS540 ASR9K-X64 NCS5500 |
The severity of cisco-sa-20200122-ios-xr-evpn is classified as high due to its potential to cause a denial of service condition.
To resolve cisco-sa-20200122-ios-xr-evpn, upgrade your Cisco IOS XR Software to a version that addresses the identified vulnerabilities.
The affected products include various models of Cisco NCS and ASR routers running specific versions of IOS XR software.
cisco-sa-20200122-ios-xr-evpn can be exploited remotely by an unauthenticated attacker, although the malicious BGP update must come from a configured, valid BGP peer or be injected into an existing, valid TCP connection to such a peer.
An attacker can cause a denial of service (DoS) condition, impacting the availability of affected systems.