CWE
399
Advisory Published

cisco-sa-bgpevpn-zWTRtPBb: Cisco IOS XR Software Border Gateway Protocol Ethernet VPN Denial of Service Vulnerability

First published: Wed Apr 13 2022(Updated: )

A vulnerability in the implementation of the Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the incorrect processing of a BGP update message that contains specific EVPN attributes. An attacker could exploit this vulnerability by sending a BGP update message that contains specific EVPN attributes. To exploit this vulnerability, an attacker must control a BGP speaker that has an established trusted peer connection to an affected device that is configured with the address family L2VPN EVPN to receive and process the update message. This vulnerability cannot be exploited by any data that is initiated by clients on the Layer 2 network or by peers that are not configured to accept the L2VPN EVPN address family. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP updates only from explicitly defined peers. For this vulnerability to be exploited, the malicious BGP update message must either come from a configured, valid BGP peer or be injected by the attacker into the affected BGP network on an existing, valid TCP connection to a BGP peer. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bgpevpn-zWTRtPBb This advisory is part of the April 2022 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: April 2022 Cisco IOS XR Software Security Advisory Bundled Publication.

Affected SoftwareAffected VersionHow to fix
Cisco IOS XR Software
Cisco IOS XR Software=7.1.2<NCS5500
NCS5500

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

  • What is the Cisco vulnerability ID for this vulnerability?

    The Cisco vulnerability ID for this vulnerability is cisco-sa-bgpevpn-zWTRtPBb.

  • What is the severity level of the Cisco vulnerability cisco-sa-bgpevpn-zWTRtPBb?

    The severity level of the Cisco vulnerability cisco-sa-bgpevpn-zWTRtPBb is medium with a severity value of 6.8.

  • What is affected by the Cisco vulnerability cisco-sa-bgpevpn-zWTRtPBb?

    The Cisco vulnerability cisco-sa-bgpevpn-zWTRtPBb affects Cisco IOS XR Software versions 7.1.2 and up to, but excluding, NCS5500.

  • What is the impact of the Cisco vulnerability cisco-sa-bgpevpn-zWTRtPBb?

    The impact of the Cisco vulnerability cisco-sa-bgpevpn-zWTRtPBb is the potential for a denial of service (DoS) condition to be caused by an unauthenticated remote attacker.

  • Is there a fix available for the Cisco vulnerability cisco-sa-bgpevpn-zWTRtPBb?

    At the time of this advisory, there is no known fix for the Cisco vulnerability cisco-sa-bgpevpn-zWTRtPBb.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203