Cisco said that changes to its implementation of the Border Gateway Protocol (BGP) over an Ethernet VPN have created a vulnerability in its IOS XE software.
The networking giant has released software updates for IOS XE that patch the issue, which could be exploited remotely without authentication to crash a device or corrupt the BGP routing table, resulting in network instability.
The flaw, CVE-2017-12319, is traced to a change in the implementation of RFC 7432, which is the BGP MPLS-based Ethernet VPN. The implementation change, Cisco said, happened between IOS XE releases. IOS XE is Cisco's proprietary operating system that automates network operations and manages wired and wireless networks. Cisco said that all releases of IOS XE prior to 16.3 that support BGP over Ethernet VPN configurations are vulnerable. Any devices not configured for an Ethernet VPN are not vulnerable, Cisco said.
"When the BGP Inclusive Multicast Ethernet Tag Route or BGP EVPN MAC/IP Advertisement Route update packet is received, it could be possible that the IP address length field is miscalculated," Cisco said in an advisory released Friday. "An attacker could exploit this vulnerability by sending a crafted BGP packet to an affected device after the BGP session was established. An exploit could allow the attacker to cause the affected device to reload or corrupt the BGP routing table; either outcome would result in a DoS."
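As an added illustration (not Cisco's code or the IOS XE implementation), the following parser shows the length validation a receiver needs for the two EVPN route types named in the advisory: the IP Address Length field is carried in bits and may only be 0, 32 or 128, and every field must fit inside the NLRI Length before the buffer is sliced. The field layout follows RFC 7432 sections 7.2 and 7.3; the sample route builder and its values are constructed for this example.

```python
"""Strict length validation for BGP EVPN NLRI (RFC 7432 sections 7.2 and 7.3)."""
IP_OCTETS = {0: 0, 32: 4, 128: 16}  # IP Address Length is carried in bits

class MalformedNLRI(ValueError):
    """Raised instead of trusting an inconsistent length field."""

def parse_evpn_nlri(buf: bytes) -> dict:
    """Parse one EVPN NLRI (Route Type, Length, body); reject any length mismatch."""
    if len(buf) < 2:
        raise MalformedNLRI("truncated NLRI header")
    route_type, length = buf[0], buf[1]
    body = buf[2:2 + length]
    if len(body) != length:
        raise MalformedNLRI("NLRI Length runs past the end of the buffer")
    if route_type == 2:  # MAC/IP Advertisement Route
        # RD(8) ESI(10) EthTag(4) MACLen(1) MAC(6) IPLen(1) IP(0/4/16) Label1(3) [Label2(3)]
        if length < 33 or body[22] != 48:
            raise MalformedNLRI("type 2 body too short or MAC length is not 48 bits")
        ip_len = body[29]
        if ip_len not in IP_OCTETS:
            raise MalformedNLRI(f"IP Address Length {ip_len} bits is not 0, 32 or 128")
        n = IP_OCTETS[ip_len]
        ip, labels = body[30:30 + n], body[30 + n:]
        if len(ip) != n or len(labels) not in (3, 6):
            raise MalformedNLRI("field sizes do not add up to NLRI Length")
        return {"type": 2, "rd": body[:8], "esi": body[8:18], "etag": body[18:22],
                "mac": body[23:29], "ip": ip, "labels": labels}
    if route_type == 3:  # Inclusive Multicast Ethernet Tag Route
        # RD(8) EthTag(4) IPLen(1) OriginatingRouterIP(4/16)
        if length < 13:
            raise MalformedNLRI("type 3 body too short")
        ip_len = body[12]
        if ip_len not in (32, 128) or length != 13 + IP_OCTETS[ip_len]:
            raise MalformedNLRI("originating router IP length inconsistent with NLRI Length")
        return {"type": 3, "rd": body[:8], "etag": body[8:12], "ip": body[13:]}
    raise MalformedNLRI(f"route type {route_type} not handled here")

def is_well_formed(buf: bytes) -> bool:
    """True only if every length field is consistent; the check a receiver must make."""
    try:
        parse_evpn_nlri(buf)
        return True
    except MalformedNLRI:
        return False

def build_mac_ip_route(mac: bytes, ip: bytes, label: bytes = b"\x00\x00\x10") -> bytes:
    """Constructed type-2 sample (RD, ESI and Ethernet Tag zeroed), for testing only."""
    body = bytes(22) + bytes([48]) + mac + bytes([8 * len(ip)]) + ip + label
    return bytes([2, len(body)]) + body
```

A receiver that applies these checks drops an update whose IP Address Length disagrees with the bytes actually present instead of slicing past the field boundary.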
Cisco said that since its BGP implementation accepts packets only from defined peers, attackers must send malicious TCP packets and make them appear to originate from a trusted BGP peer. An attacker could also inject malicious messages into the victim's BGP network, Cisco said.
"This would require obtaining information about the BGP peers in the affected system's trusted network," Cisco said. "The vulnerability may be triggered when the router receives a crafted BGP message from a peer on an existing BGP session. At least one BGP neighbor session must be established for a router to be vulnerable."