Cisco NX-OS Software BGP Regex Vulnerability

ID CISCO-SA-20130917-CVE-2013-1121
Type cisco
Reporter Cisco
Modified 2013-09-17T18:41:42


A vulnerability in the Border Gateway Protocol (BGP) code of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the affected device to reload.

The vulnerability is due to an issue with the regex engine used when processing complex regular expressions. An attacker could exploit this vulnerability by injecting specific autonomous system (AS) path sets. If the affected device has a complex regular expression applied to inbound routes, the vulnerability may be triggered. A successful exploit could allow the attacker to cause Cisco NX-OS Software to restart.

Cisco has confirmed the vulnerability in a security notice and released software updates.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
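
To check a device against the exposure condition described above (a regular expression applied to inbound routes), the following added example, which is not part of Cisco's advisory, lists every AS-path regex that a saved configuration applies inbound to a BGP neighbor, either directly with `filter-list ... in` or through a `route-map ... in`. The sample configuration is constructed, the function name is hypothetical, and the parser assumes the usual indented NX-OS running-config layout. The advisory does not define "complex", so the script only inventories the expressions for review.

```python
import re

# Constructed sample NX-OS configuration (not taken from the advisory).
SAMPLE_CONFIG = '''\
ip as-path access-list AS-SIMPLE permit "^65010$"
ip as-path access-list AS-COMPLEX permit "^(65010|65020)(_[0-9]+)*_(64512|64513)+$"
ip as-path access-list AS-UNUSED deny "_65535_"
route-map RM-PEER-IN permit 10
  match as-path AS-COMPLEX
router bgp 65001
  neighbor 192.0.2.1 remote-as 65010
    address-family ipv4 unicast
      route-map RM-PEER-IN in
  neighbor 192.0.2.2 remote-as 65020
    address-family ipv4 unicast
      filter-list AS-SIMPLE in
      filter-list AS-UNUSED out
'''

def inbound_aspath_regexes(config):
    """Return sorted (neighbor, as-path list, regex) tuples for regexes applied inbound."""
    acls = {}          # as-path list name -> [regex, ...]
    rm_lists = {}      # route-map name -> {as-path list names it matches on}
    applied = set()    # (neighbor, "route-map" | "filter-list", name) applied inbound
    route_map = neighbor = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            route_map = neighbor = None  # a top-level line closes the previous block
        if m := re.match(r'ip as-path access-list (\S+) (?:permit|deny) (.+)$', line):
            acls.setdefault(m[1], []).append(m[2].strip('"'))
        elif m := re.match(r'route-map (\S+) (?:permit|deny)', line):
            route_map = m[1]
        elif route_map and (m := re.match(r'match as-path (.+)$', line)):
            rm_lists.setdefault(route_map, set()).update(m[1].split())
        elif m := re.match(r'neighbor (\S+)', line):
            neighbor = m[1]
        elif neighbor and (m := re.match(r'(route-map|filter-list) (\S+) in$', line)):
            applied.add((neighbor, m[1], m[2]))
    # Resolve after the full pass, since route-maps may be defined after "router bgp".
    result = []
    for nbr, kind, name in applied:
        names = rm_lists.get(name, set()) if kind == "route-map" else {name}
        for n in names:
            result += [(nbr, n, rx) for rx in acls.get(n, [])]
    return sorted(result)
```

Each returned tuple names the neighbor whose inbound updates are evaluated against that expression; lists applied only outbound or not referenced at all are left out.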