CVE-2017-12319
Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial-of-Service Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
YesDecision
Descriptions
A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability. The vulnerability exists due to changes in the implementation of the BGP MPLS-Based Ethernet VPN RFC (RFC 7432) draft between IOS XE software releases. When the BGP Inclusive Multicast Ethernet Tag Route or BGP EVPN MAC/IP Advertisement Route update packet is received, it could be possible that the IP address length field is miscalculated. An attacker could exploit this vulnerability by sending a crafted BGP packet to an affected device after the BGP session was established. An exploit could allow the attacker to cause the affected device to reload or corrupt the BGP routing table; either outcome would result in a DoS. The vulnerability may be triggered when the router receives a crafted BGP message from a peer on an existing BGP session. This vulnerability affects all releases of Cisco IOS XE Software prior to software release 16.3 that support BGP EVPN configurations. If the device is not configured for EVPN, it is not vulnerable. Cisco Bug IDs: CSCui67191, CSCvg52875.
Una vulnerabilidad en el protocolo BGP (Border Gateway Protocol) en una red Ethernet Virtual Private Network (EVPN) para Cisco IOS XE Software podría permitir que un atacante remoto no autenticado haga que el dispositivo se reinicie, lo que da lugar a una denegación de servicio (DoS) o, posiblemente, a que se corrompa la tabla de enrutamiento BGP, que a su vez puede dar como resultado la inestabilidad de la red. La vulnerabilidad existe debido a cambios en la implementación de la versión de borrador de BGP MPLS-Based Ethernet VPN RFC (RFC 7432) entre distribuciones de software IOS XE. Cuando se reciben los paquetes de actualización BGP Inclusive Multicast Ethernet Tag Route or BGP EVPN MAC/IP Advertisement Route, es posible que el campo de longitud de dirección IP se calcule de manera incorrecta. Un atacante podría explotar esta vulnerabilidad mediante el envío de un paquete BGP manipulado a un dispositivo afectado después de que se establezca una sesión BGP. Un exploit podría permitir que el atacante haga que se reinicie el dispositivo afectado o que corrompa la tabla de enrutamiento BGP. En cualquiera de los dos casos, el resultado sería una denegación de servicio (DoS). Esta vulnerabilidad puede tener lugar cuando el router recibe un mensaje BGP manipulado desde un peer o una sesión BGP existente. La vulnerabilidad afecta a todas las distribuciones de Cisco IOS XE Software anteriores a la versión 16.3 que soporta configuraciones BGP EVPN. Si el dispositivo no está configurado para EVPN, no es vulnerable. Cisco Bug IDs: CSCui67191, CSCvg52875.
A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability.
CVSS Scores
SSVC
- Decision:Act
Timeline
- 2017-08-03 CVE Reserved
- 2018-03-27 CVE Published
- 2022-03-03 Exploited in Wild
- 2022-03-24 KEV Due Date
- 2024-09-20 EPSS Updated
- 2024-11-15 CVE Updated
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/101676 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171103-bgp | 2019-10-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.4\(1\)s Search vendor "Cisco" for product "Ios" and version "15.4\(1\)s" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | < 16.3 Search vendor "Cisco" for product "Ios Xe" and version " < 16.3" | - |
Affected
|