First published: Wed Apr 13 2022(Updated: )
A vulnerability in the implementation of the Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the incorrect processing of a BGP update message that contains specific EVPN attributes. An attacker could exploit this vulnerability by sending a BGP update message that contains specific EVPN attributes. To exploit this vulnerability, an attacker must control a BGP speaker that has an established trusted peer connection to an affected device that is configured with the address family L2VPN EVPN to receive and process the update message. This vulnerability cannot be exploited by any data that is initiated by clients on the Layer 2 network or by peers that are not configured to accept the L2VPN EVPN address family. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP updates only from explicitly defined peers. For this vulnerability to be exploited, the malicious BGP update message must either come from a configured, valid BGP peer or be injected by the attacker into the affected BGP network on an existing, valid TCP connection to a BGP peer. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bgpevpn-zWTRtPBb This advisory is part of the April 2022 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: April 2022 Cisco IOS XR Software Security Advisory Bundled Publication.
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco IOS XR Software | ||
Cisco IOS XR Software | =7.1.2<NCS5500 | NCS5500 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The Cisco vulnerability ID for this vulnerability is cisco-sa-bgpevpn-zWTRtPBb.
The severity level of the Cisco vulnerability cisco-sa-bgpevpn-zWTRtPBb is medium with a severity value of 6.8.
The Cisco vulnerability cisco-sa-bgpevpn-zWTRtPBb affects Cisco IOS XR Software versions 7.1.2 and up to, but excluding, NCS5500.
The impact of the Cisco vulnerability cisco-sa-bgpevpn-zWTRtPBb is the potential for a denial of service (DoS) condition to be caused by an unauthenticated remote attacker.
At the time of this advisory, there is no known fix for the Cisco vulnerability cisco-sa-bgpevpn-zWTRtPBb.