Lucene search

CiscoCISCO-SA-20171103-BGP

HistoryNov 03, 2017 - 4:00 p.m.

Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial of Service Vulnerability

2017-11-0316:00:00

tools.cisco.com

EPSS

0.001

Percentile

50.0%

JSON

A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability.

The vulnerability exists due to changes in the implementation of the BGP MPLS-Based Ethernet VPN RFC (RFC 7432) [“https://tools.ietf.org/html/rfc7432”] draft between IOS XE software releases. When the BGP Inclusive Multicast Ethernet Tag Route or BGP EVPN MAC/IP Advertisement Route update packet is received, it could be possible that the IP address length field is miscalculated. An attacker could exploit this vulnerability by sending a crafted BGP packet to an affected device after the BGP session was established. An exploit could allow the attacker to cause the affected device to reload or corrupt the BGP routing table; either outcome would result in a DoS.

The Cisco implementation of the BGP protocol only accepts incoming BGP traffic from explicitly defined peers. To exploit this vulnerability, an attacker must be able to send the malicious packets over a TCP connection that appears to come from a trusted BGP peer, or inject malformed messages into the victim’s BGP network. This would require obtaining information about the BGP peers in the affected system’s trusted network.

The vulnerability may be triggered when the router receives a crafted BGP message from a peer on an existing BGP session. At least one BGP neighbor session must be established for a router to be vulnerable.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171103-bgp [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171103-bgp”]

Affected configurations

Vulners

Node

ciscocisco_ios_xe_softwareMatch3.11s

ciscocisco_ios_xe_softwareMatch3.12s

ciscocisco_ios_xe_softwareMatch3.13s

ciscocisco_ios_xe_softwareMatch3.6e

ciscocisco_ios_xe_softwareMatch3.14s

ciscocisco_ios_xe_softwareMatch3.15s

ciscocisco_ios_xe_softwareMatch3.7e

ciscocisco_ios_xe_softwareMatch3.16s

ciscocisco_ios_xe_softwareMatch3.17s

ciscocisco_ios_xe_softwareMatch16.1

ciscocisco_ios_xe_softwareMatch16.2

ciscocisco_ios_xe_softwareMatch3.8e

ciscocisco_ios_xe_softwareMatch3.18s

ciscocisco_ios_xe_softwareMatch3.18sp

ciscocisco_ios_xe_softwareMatch3.9e

ciscocisco_ios_xe_softwareMatch3.11.1s

ciscocisco_ios_xe_softwareMatch3.11.2s

ciscocisco_ios_xe_softwareMatch3.11.0s

ciscocisco_ios_xe_softwareMatch3.11.3s

ciscocisco_ios_xe_softwareMatch3.11.4s

ciscocisco_ios_xe_softwareMatch3.12.0s

ciscocisco_ios_xe_softwareMatch3.12.1s

ciscocisco_ios_xe_softwareMatch3.12.2s

ciscocisco_ios_xe_softwareMatch3.12.3s

ciscocisco_ios_xe_softwareMatch3.12.0as

ciscocisco_ios_xe_softwareMatch3.12.4s

ciscocisco_ios_xe_softwareMatch3.13.0s

ciscocisco_ios_xe_softwareMatch3.13.1s

ciscocisco_ios_xe_softwareMatch3.13.2s

ciscocisco_ios_xe_softwareMatch3.13.3s

ciscocisco_ios_xe_softwareMatch3.13.4s

ciscocisco_ios_xe_softwareMatch3.13.5s

ciscocisco_ios_xe_softwareMatch3.13.2as

ciscocisco_ios_xe_softwareMatch3.13.0as

ciscocisco_ios_xe_softwareMatch3.13.5as

ciscocisco_ios_xe_softwareMatch3.13.6s

ciscocisco_ios_xe_softwareMatch3.13.7s

ciscocisco_ios_xe_softwareMatch3.13.6as

ciscocisco_ios_xe_softwareMatch3.13.6bs

ciscocisco_ios_xe_softwareMatch3.13.7as

ciscocisco_ios_xe_softwareMatch3.13.8s

ciscocisco_ios_xe_softwareMatch3.6.0e

ciscocisco_ios_xe_softwareMatch3.6.1e

ciscocisco_ios_xe_softwareMatch3.6.0ae

ciscocisco_ios_xe_softwareMatch3.6.0be

ciscocisco_ios_xe_softwareMatch3.6.2ae

ciscocisco_ios_xe_softwareMatch3.6.2e

ciscocisco_ios_xe_softwareMatch3.6.3e

ciscocisco_ios_xe_softwareMatch3.6.4e

ciscocisco_ios_xe_softwareMatch3.6.5e

ciscocisco_ios_xe_softwareMatch3.6.6e

ciscocisco_ios_xe_softwareMatch3.6.5ae

ciscocisco_ios_xe_softwareMatch3.6.5be

ciscocisco_ios_xe_softwareMatch3.6.7e

ciscocisco_ios_xe_softwareMatch3.6.7ae

ciscocisco_ios_xe_softwareMatch3.6.7be

ciscocisco_ios_xe_softwareMatch3.14.0s

ciscocisco_ios_xe_softwareMatch3.14.1s

ciscocisco_ios_xe_softwareMatch3.14.2s

ciscocisco_ios_xe_softwareMatch3.14.3s

ciscocisco_ios_xe_softwareMatch3.14.4s

ciscocisco_ios_xe_softwareMatch3.15.0s

ciscocisco_ios_xe_softwareMatch3.15.1s

ciscocisco_ios_xe_softwareMatch3.15.2s

ciscocisco_ios_xe_softwareMatch3.15.1cs

ciscocisco_ios_xe_softwareMatch3.15.3s

ciscocisco_ios_xe_softwareMatch3.15.4s

ciscocisco_ios_xe_softwareMatch3.7.0e

ciscocisco_ios_xe_softwareMatch3.7.1e

ciscocisco_ios_xe_softwareMatch3.7.2e

ciscocisco_ios_xe_softwareMatch3.7.3e

ciscocisco_ios_xe_softwareMatch3.7.4e

ciscocisco_ios_xe_softwareMatch3.7.5e

ciscocisco_ios_xe_softwareMatch3.16.0s

ciscocisco_ios_xe_softwareMatch3.16.1s

ciscocisco_ios_xe_softwareMatch3.16.0as

ciscocisco_ios_xe_softwareMatch3.16.1as

ciscocisco_ios_xe_softwareMatch3.16.2s

ciscocisco_ios_xe_softwareMatch3.16.2as

ciscocisco_ios_xe_softwareMatch3.16.0bs

ciscocisco_ios_xe_softwareMatch3.16.0cs

ciscocisco_ios_xe_softwareMatch3.16.3s

ciscocisco_ios_xe_softwareMatch3.16.2bs

ciscocisco_ios_xe_softwareMatch3.16.3as

ciscocisco_ios_xe_softwareMatch3.16.4s

ciscocisco_ios_xe_softwareMatch3.16.4as

ciscocisco_ios_xe_softwareMatch3.16.4bs

ciscocisco_ios_xe_softwareMatch3.16.4gs

ciscocisco_ios_xe_softwareMatch3.16.5s

ciscocisco_ios_xe_softwareMatch3.16.4cs

ciscocisco_ios_xe_softwareMatch3.16.4ds

ciscocisco_ios_xe_softwareMatch3.16.4es

ciscocisco_ios_xe_softwareMatch3.16.6s

ciscocisco_ios_xe_softwareMatch3.16.5as

ciscocisco_ios_xe_softwareMatch3.16.5bs

ciscocisco_ios_xe_softwareMatch3.16.6bs

ciscocisco_ios_xe_softwareMatch3.17.0s

ciscocisco_ios_xe_softwareMatch3.17.1s

ciscocisco_ios_xe_softwareMatch3.17.2s

ciscocisco_ios_xe_softwareMatch3.17.1as

ciscocisco_ios_xe_softwareMatch3.17.3s

ciscocisco_ios_xe_softwareMatch3.17.4s

ciscocisco_ios_xe_softwareMatch16.1.1

ciscocisco_ios_xe_softwareMatch16.1.2

ciscocisco_ios_xe_softwareMatch16.1.3

ciscocisco_ios_xe_softwareMatch16.2.1

ciscocisco_ios_xe_softwareMatch16.2.2

ciscocisco_ios_xe_softwareMatch3.8.0e

ciscocisco_ios_xe_softwareMatch3.8.1e

ciscocisco_ios_xe_softwareMatch3.8.2e

ciscocisco_ios_xe_softwareMatch3.8.3e

ciscocisco_ios_xe_softwareMatch3.8.4e

ciscocisco_ios_xe_softwareMatch3.8.5e

ciscocisco_ios_xe_softwareMatch3.8.5ae

ciscocisco_ios_xe_softwareMatch3.18.0as

ciscocisco_ios_xe_softwareMatch3.18.0s

ciscocisco_ios_xe_softwareMatch3.18.1s

ciscocisco_ios_xe_softwareMatch3.18.2s

ciscocisco_ios_xe_softwareMatch3.18.3s

ciscocisco_ios_xe_softwareMatch3.18.4s

ciscocisco_ios_xe_softwareMatch3.18.0sp

ciscocisco_ios_xe_softwareMatch3.18.1sp

ciscocisco_ios_xe_softwareMatch3.18.1asp

ciscocisco_ios_xe_softwareMatch3.18.1gsp

ciscocisco_ios_xe_softwareMatch3.18.1bsp

ciscocisco_ios_xe_softwareMatch3.18.1csp

ciscocisco_ios_xe_softwareMatch3.18.2sp

ciscocisco_ios_xe_softwareMatch3.18.1hsp

ciscocisco_ios_xe_softwareMatch3.18.2asp

ciscocisco_ios_xe_softwareMatch3.18.1isp

ciscocisco_ios_xe_softwareMatch3.18.3sp

ciscocisco_ios_xe_softwareMatch3.18.3asp

ciscocisco_ios_xe_softwareMatch3.9.0e

VendorProductVersionCPE
ciscocisco_ios_xe_software3.11scpe:2.3:a:cisco:cisco_ios_xe_software:3.11s:*:*:*:*:*:*:*
ciscocisco_ios_xe_software3.12scpe:2.3:a:cisco:cisco_ios_xe_software:3.12s:*:*:*:*:*:*:*
ciscocisco_ios_xe_software3.13scpe:2.3:a:cisco:cisco_ios_xe_software:3.13s:*:*:*:*:*:*:*
ciscocisco_ios_xe_software3.6ecpe:2.3:a:cisco:cisco_ios_xe_software:3.6e:*:*:*:*:*:*:*
ciscocisco_ios_xe_software3.14scpe:2.3:a:cisco:cisco_ios_xe_software:3.14s:*:*:*:*:*:*:*
ciscocisco_ios_xe_software3.15scpe:2.3:a:cisco:cisco_ios_xe_software:3.15s:*:*:*:*:*:*:*
ciscocisco_ios_xe_software3.7ecpe:2.3:a:cisco:cisco_ios_xe_software:3.7e:*:*:*:*:*:*:*
ciscocisco_ios_xe_software3.16scpe:2.3:a:cisco:cisco_ios_xe_software:3.16s:*:*:*:*:*:*:*
ciscocisco_ios_xe_software3.17scpe:2.3:a:cisco:cisco_ios_xe_software:3.17s:*:*:*:*:*:*:*
ciscocisco_ios_xe_software16.1cpe:2.3:a:cisco:cisco_ios_xe_software:16.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	cisco_ios_xe_software	3.11s	cpe:2.3:a:cisco:cisco_ios_xe_software:3.11s:::::::*
cisco	cisco_ios_xe_software	3.12s	cpe:2.3:a:cisco:cisco_ios_xe_software:3.12s:::::::*
cisco	cisco_ios_xe_software	3.13s	cpe:2.3:a:cisco:cisco_ios_xe_software:3.13s:::::::*
cisco	cisco_ios_xe_software	3.6e	cpe:2.3:a:cisco:cisco_ios_xe_software:3.6e:::::::*
cisco	cisco_ios_xe_software	3.14s	cpe:2.3:a:cisco:cisco_ios_xe_software:3.14s:::::::*
cisco	cisco_ios_xe_software	3.15s	cpe:2.3:a:cisco:cisco_ios_xe_software:3.15s:::::::*
cisco	cisco_ios_xe_software	3.7e	cpe:2.3:a:cisco:cisco_ios_xe_software:3.7e:::::::*
cisco	cisco_ios_xe_software	3.16s	cpe:2.3:a:cisco:cisco_ios_xe_software:3.16s:::::::*
cisco	cisco_ios_xe_software	3.17s	cpe:2.3:a:cisco:cisco_ios_xe_software:3.17s:::::::*
cisco	cisco_ios_xe_software	16.1	cpe:2.3:a:cisco:cisco_ios_xe_software:16.1:::::::*