Cisco patches DoS vulnerability in IOS XE

Exploiting the vulnerability can lead to denial-of-service (DoS) attacks.


Cisco has patched a vulnerability in IOS XE which if exploited can corrupt data and force denial-of-service (DoS) attacks.

Last week, the tech giant said the bug, CVE-2017-12319, is found in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE, a network operating system designed for the enterprise.

In a security advisory, Cisco said the medium-risk bug could be harnessed by attackers to "cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability."

The bug was introduced by changes made between IOS XE software releases; in particular, the implementation of BGP MPLS-Based Ethernet VPN (RFC 7432) was at fault.

"When the BGP Inclusive Multicast Ethernet Tag Route or BGP EVPN MAC/IP Advertisement Route update packet is received, it could be possible that the IP address length field is miscalculated," Cisco says. "An attacker could exploit this vulnerability by sending a crafted BGP packet to an affected device after the BGP session was established. An exploit could allow the attacker to cause the affected device to reload or corrupt the BGP routing table; either outcome would result in a DoS."
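The length field Cisco refers to is defined by RFC 7432: the MAC/IP Advertisement route (type 2) and the Inclusive Multicast Ethernet Tag route (type 3) each carry a one-octet IP Address Length, in bits, that must be 0, 32 or 128 and must agree with the bytes that actually follow. The strict parser below is an added example, not Cisco's code or the advisory's reproduction steps; it shows what a receiver has to check before trusting that field. The sample NLRI bytes are constructed for the example, not captured traffic, and the RD, addresses and labels in them are arbitrary.

```python
"""Strict parser for BGP EVPN NLRI (RFC 7432) route types 2 and 3.

Added illustration (not Cisco IOS XE code): every field is bounds-checked
against the bytes present, and the IP Address Length field is rejected
unless it is one of the values the RFC allows for that route type.
"""
import ipaddress
import struct

ROUTE_TYPE_MAC_IP = 2        # MAC/IP Advertisement Route
ROUTE_TYPE_INCL_MCAST = 3    # Inclusive Multicast Ethernet Tag Route

# Permitted IP Address Length values (in bits) per route type, per RFC 7432.
VALID_IP_BITS = {
    ROUTE_TYPE_MAC_IP: {0, 32, 128},
    ROUTE_TYPE_INCL_MCAST: {32, 128},
}


def _take(buf, offset, n, what):
    """Slice n bytes at offset, raising instead of silently reading short."""
    if offset + n > len(buf):
        raise ValueError(f"{what}: need {n} bytes at {offset}, have {len(buf) - offset}")
    return buf[offset:offset + n], offset + n


def parse_evpn_route(route_type, body):
    """Parse the route-type-specific part of one EVPN NLRI into a dict."""
    if route_type not in VALID_IP_BITS:
        raise ValueError(f"unsupported EVPN route type {route_type}")
    off = 0
    rd, off = _take(body, off, 8, "Route Distinguisher")
    fields = {"type": route_type, "rd": rd.hex()}
    if route_type == ROUTE_TYPE_MAC_IP:
        esi, off = _take(body, off, 10, "Ethernet Segment Identifier")
        fields["esi"] = esi.hex()
    tag, off = _take(body, off, 4, "Ethernet Tag ID")
    fields["eth_tag"] = struct.unpack("!I", tag)[0]
    if route_type == ROUTE_TYPE_MAC_IP:
        mac_len, off = _take(body, off, 1, "MAC Address Length")
        if mac_len[0] != 48:                      # RFC 7432: always 48 bits
            raise ValueError(f"MAC Address Length must be 48, got {mac_len[0]}")
        mac, off = _take(body, off, 6, "MAC Address")
        fields["mac"] = mac.hex(":")
    # The field at the heart of the advisory: validate it before using it
    # to decide how many address bytes to read.
    ip_len_b, off = _take(body, off, 1, "IP Address Length")
    ip_bits = ip_len_b[0]
    if ip_bits not in VALID_IP_BITS[route_type]:
        raise ValueError(f"IP Address Length {ip_bits} invalid for route type {route_type}")
    ip, off = _take(body, off, ip_bits // 8, "IP Address")
    fields["ip"] = str(ipaddress.ip_address(ip)) if ip else None
    if route_type == ROUTE_TYPE_MAC_IP:
        label1, off = _take(body, off, 3, "MPLS Label1")
        fields["label1"] = int.from_bytes(label1, "big") >> 4   # label in high 20 bits
        if len(body) - off == 3:                                # optional Label2
            label2, off = _take(body, off, 3, "MPLS Label2")
            fields["label2"] = int.from_bytes(label2, "big") >> 4
    if off != len(body):
        raise ValueError(f"{len(body) - off} trailing bytes in route type {route_type}")
    return fields


def parse_evpn_nlri(data):
    """Parse a run of EVPN NLRI: [route type (1) | length (1) | body (length)]."""
    routes, off = [], 0
    while off < len(data):
        hdr, off = _take(data, off, 2, "NLRI header")
        route_type, length = hdr[0], hdr[1]
        body, off = _take(data, off, length, f"route type {route_type} body")
        routes.append(parse_evpn_route(route_type, body))
    return routes


def check_evpn_nlri(data):
    """Non-raising wrapper: 'accept' or 'reject: <reason>'."""
    try:
        parse_evpn_nlri(data)
    except ValueError as exc:
        return f"reject: {exc}"
    return "accept"


# Constructed sample NLRI (not real traffic): one type-3 route from 192.0.2.1,
# then one type-2 route for 00:11:22:33:44:55 / 10.0.0.1 with label 100.
GOOD_NLRI = bytes.fromhex(
    "0311" "0001c00002010064" "00000000" "20" "c0000201"
    "0225" "0001c00002010064" "00000000000000000000" "00000000"
    "30" "001122334455" "20" "0a000001" "000640"
)
# Same type-2 route with an IP Address Length of 64 bits, which the RFC does not allow.
BAD_IP_LEN_NLRI = bytes.fromhex(
    "0225" "0001c00002010064" "00000000000000000000" "00000000"
    "30" "001122334455" "40" "0a000001" "000640"
)
# Type-3 route claiming a 128-bit address but carrying only four address bytes.
TRUNCATED_NLRI = bytes.fromhex("0311" "0001c00002010064" "00000000" "80" "c0000201")

if __name__ == "__main__":
    for route in parse_evpn_nlri(GOOD_NLRI):
        print(route)
    print(check_evpn_nlri(BAD_IP_LEN_NLRI))
    print(check_evpn_nlri(TRUNCATED_NLRI))
```

The two rejected samples show the two ways a length field can go wrong: a value outside the set the RFC permits, and a value that is permitted but does not match the bytes actually present. A receiver that computes its read length from the field without either check is exactly the kind of code a malformed update can drive into a reload.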

The tech giant's implementation of the BGP protocol only accepts traffic from defined, valid peers, and so an attacker must be able to send malicious packets over TCP from what appears to be a legitimate peer in order to exploit the security flaw.

Alternatively, a hacker could leverage the bug by injecting crafted messages into a BGP network -- but this requires existing knowledge relating to the BGP peers in the victim system's trusted network.

"The vulnerability may be triggered when the router receives a crafted BGP message from a peer on an existing BGP session," Cisco added. "At least one BGP neighbor session must be established for a router to be vulnerable."

There are no workarounds to protect against this bug, which impacts every release of Cisco IOS XE software prior to version 16.3, provided the device is configured to support BGP EVPN.

Cisco has released software updates to patch the flaw, as well as a checker tool that lets users determine which version of the software they are running and whether a patch needs to be applied.

Versions of IOS XE software 16.3 and later are not affected.
