cisco-sa-20171103-bgp

Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial of Service Vulnerability

cisco-sa-20171103-bgp · Medium · Published 8 years ago · Updated 3 years ago

A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability.  The vulnerability exists due to changes in the implementation of the BGP MPLS-Based Ethernet VPN RFC (RFC 7432) draft between IOS XE software releases. When the BGP Inclusive Multicast Ethernet Tag Route or BGP EVPN MAC/IP Advertisement Route update packet is received, it could be possible that the IP address length field is miscalculated. An attacker could exploit this vulnerability by sending a crafted BGP packet to an affected device after the BGP session was established. An exploit could allow the attacker to cause the affected device to reload or corrupt the BGP routing table; either outcome would result in a DoS.The Cisco implementation of the BGP protocol only accepts incoming BGP traffic from explicitly defined peers. To exploit this vulnerability, an attacker must be able to send the malicious packets over a TCP connection that appears to come from a trusted BGP peer, or inject malformed messages into the victim's BGP network. This would require obtaining information about the BGP peers in the affected system's trusted network. The vulnerability may be triggered when the router receives a crafted BGP message from a peer on an existing BGP session. At least one BGP neighbor session must be established for a router to be vulnerable. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171103-bgp

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEs	CVE-2017-12319
Cisco Bug IDs	CSCvg52875, CSCui67191
CVSS Score	Base 6.8 Base 6.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X
Product Names From Source	Cisco IOS XE Software 3.11.1S, Cisco IOS XE Software 3.11.2S, Cisco IOS XE Software 3.11.0S, Cisco IOS XE Software 3.11.3S, Cisco IOS XE Software 3.11.4S, Cisco IOS XE Software 3.12.0S, Cisco IOS XE Software 3.12.1S, Cisco IOS XE Software 3.12.2S, Cisco IOS XE Software 3.12.3S, Cisco IOS XE Software 3.12.0aS, Cisco IOS XE Software 3.12.4S, Cisco IOS XE Software 3.13.0S, Cisco IOS XE Software 3.13.1S, Cisco IOS XE Software 3.13.2S, Cisco IOS XE Software 3.13.3S, Cisco IOS XE Software 3.13.4S, Cisco IOS XE Software 3.13.5S, Cisco IOS XE Software 3.13.2aS, Cisco IOS XE Software 3.13.0aS, Cisco IOS XE Software 3.13.5aS, Cisco IOS XE Software 3.13.6S, Cisco IOS XE Software 3.13.7S, Cisco IOS XE Software 3.13.6aS, Cisco IOS XE Software 3.13.6bS, Cisco IOS XE Software 3.13.7aS, Cisco IOS XE Software 3.13.8S, Cisco IOS XE Software 3.6.0E, Cisco IOS XE Software 3.6.1E, Cisco IOS XE Software 3.6.0aE, Cisco IOS XE Software 3.6.0bE, Cisco IOS XE Software 3.6.2aE, Cisco IOS XE Software 3.6.2E, Cisco IOS XE Software 3.6.3E, Cisco IOS XE Software 3.6.4E, Cisco IOS XE Software 3.6.5E, Cisco IOS XE Software 3.6.6E, Cisco IOS XE Software 3.6.5aE, Cisco IOS XE Software 3.6.5bE, Cisco IOS XE Software 3.6.7E, Cisco IOS XE Software 3.6.7aE, Cisco IOS XE Software 3.6.7bE, Cisco IOS XE Software 3.14.0S, Cisco IOS XE Software 3.14.1S, Cisco IOS XE Software 3.14.2S, Cisco IOS XE Software 3.14.3S, Cisco IOS XE Software 3.14.4S, Cisco IOS XE Software 3.15.0S, Cisco IOS XE Software 3.15.1S, Cisco IOS XE Software 3.15.2S, Cisco IOS XE Software 3.15.1cS, Cisco IOS XE Software 3.15.3S, Cisco IOS XE Software 3.15.4S, Cisco IOS XE Software 3.7.0E, Cisco IOS XE Software 3.7.1E, Cisco IOS XE Software 3.7.2E, Cisco IOS XE Software 3.7.3E, Cisco IOS XE Software 3.7.4E, Cisco IOS XE Software 3.7.5E, Cisco IOS XE Software 3.16.0S, Cisco IOS XE Software 3.16.1S, Cisco IOS XE Software 3.16.0aS, Cisco IOS XE Software 3.16.1aS, Cisco IOS XE Software 3.16.2S, Cisco IOS XE Software 3.16.2aS, Cisco IOS XE Software 3.16.0bS, Cisco IOS XE Software 3.16.0cS, Cisco IOS XE Software 3.16.3S, Cisco IOS XE Software 3.16.2bS, Cisco IOS XE Software 3.16.3aS, Cisco IOS XE Software 3.16.4S, Cisco IOS XE Software 3.16.4aS, Cisco IOS XE Software 3.16.4bS, Cisco IOS XE Software 3.16.4gS, Cisco IOS XE Software 3.16.5S, Cisco IOS XE Software 3.16.4cS, Cisco IOS XE Software 3.16.4dS, Cisco IOS XE Software 3.16.4eS, Cisco IOS XE Software 3.16.6S, Cisco IOS XE Software 3.16.5aS, Cisco IOS XE Software 3.16.5bS, Cisco IOS XE Software 3.16.6bS, Cisco IOS XE Software 3.17.0S, Cisco IOS XE Software 3.17.1S, Cisco IOS XE Software 3.17.2S, Cisco IOS XE Software 3.17.1aS, Cisco IOS XE Software 3.17.3S, Cisco IOS XE Software 3.17.4S, Cisco IOS XE Software 16.1.1, Cisco IOS XE Software 16.1.2, Cisco IOS XE Software 16.1.3, Cisco IOS XE Software 16.2.1, Cisco IOS XE Software 16.2.2, Cisco IOS XE Software 3.8.0E, Cisco IOS XE Software 3.8.1E, Cisco IOS XE Software 3.8.2E, Cisco IOS XE Software 3.8.3E, Cisco IOS XE Software 3.8.4E, Cisco IOS XE Software 3.8.5E, Cisco IOS XE Software 3.8.5aE, Cisco IOS XE Software 3.18.0aS, Cisco IOS XE Software 3.18.0S, Cisco IOS XE Software 3.18.1S, Cisco IOS XE Software 3.18.2S, Cisco IOS XE Software 3.18.3S, Cisco IOS XE Software 3.18.4S, Cisco IOS XE Software 3.18.0SP, Cisco IOS XE Software 3.18.1SP, Cisco IOS XE Software 3.18.1aSP, Cisco IOS XE Software 3.18.1gSP, Cisco IOS XE Software 3.18.1bSP, Cisco IOS XE Software 3.18.1cSP, Cisco IOS XE Software 3.18.2SP, Cisco IOS XE Software 3.18.1hSP, Cisco IOS XE Software 3.18.2aSP, Cisco IOS XE Software 3.18.1iSP, Cisco IOS XE Software 3.18.3SP, Cisco IOS XE Software 3.18.3aSP, Cisco IOS XE Software 3.9.0E, Cisco IOS XE Software 17.11.99SW, Cisco IOS XE Software

Related Products

Product	CVE	Evidence
Cisco IOS	CVE-2017-12319	Cisco OpenVuln
Cisco IOS XE Software	CVE-2017-12319	Cisco OpenVuln
Cisco Catalyst 9600 Series Switches	CVE-2017-12319	Cisco OpenVuln · software-dependent
Cisco Catalyst 9500 Series Switches	CVE-2017-12319	Cisco OpenVuln · software-dependent
Cisco Catalyst 9400 Series Switches	CVE-2017-12319	Cisco OpenVuln · software-dependent
Cisco Catalyst 9200 Series Switches	CVE-2017-12319	Cisco OpenVuln · software-dependent
Cisco Catalyst 9300 Series Switches	CVE-2017-12319	Cisco OpenVuln · software-dependent

Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial of Service Vulnerability

Workarounds

Related Products