Executive Summary
Summary | |
---|---|
Title | Cisco IOS XR Software Border Gateway Protocol Vulnerabilities |
Informations | |||
---|---|---|---|
Name | cisco-sa-20090818-bgp | First vendor Publication | 2009-08-17 |
Vendor | Cisco | Last vendor Modification | 2009-08-20 |
Severity (Vendor) | N/A | Revision | 2.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cisco IOS XR Software contains multiple vulnerabilities in the Border Gateway Protocol (BGP) feature. These vulnerabilities include: * Cisco IOS XR Software will reset a BGP peering session when receiving a specific invalid BGP update. The vulnerability manifests when a BGP peer announces a prefix with a specific invalid attribute. On receipt of this prefix, the Cisco IOS XR device will restart the peering session by sending a notification. The peering session will flap until the sender stops sending the invalid/corrupt update. This vulnerability was disclosed in revision 1.0 of this advisory. * Cisco IOS XR BGP process will crash when sending a long length BGP update message When Cisco IOS XR sends a long length BGP update message, the BGP process may crash. The number of AS numbers required to exceed the total/maximum length of update message and cause the crash are well above normal limits seen within production environments. * Cisco IOS XR BGP process will crash when constructing a BGP update with a large number of AS prepends If the Cisco IOS XR BGP process is configured to prepend a very large number of Autonomous System (AS) Numbers to the AS path, the BGP process will crash. The number of AS numbers required to be prepended and cause the crash are well above normal limits seen within production environments. All three vulnerabilities are different vulnerabilities from what was disclosed in the Cisco Security Advisory "Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities" on the 2009 July 29 1600 UTC at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml. Cisco has released a free software maintenance upgrade (SMU) that addresses these vulnerabilities. Workarounds that mitigates these vulnerabilities are available. |
Original Source
Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080af (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-264 | Permissions, Privileges, and Access Controls |
33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
33 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
57504 | Cisco IOS XR Crafted BGP UPDATE Message Authenticated Remote DoS |
57503 | Cisco IOS XR BGP UPDATE Message AS Number Handling Remote DoS |
57259 | Cisco IOS XR Invalid BGP UPDATE Attribute Remote DoS |