// For flags

CVE-2017-12319

Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial-of-Service Vulnerability

Severity Score

5.9
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

Act
*SSVC
Descriptions

A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability. The vulnerability exists due to changes in the implementation of the BGP MPLS-Based Ethernet VPN RFC (RFC 7432) draft between IOS XE software releases. When the BGP Inclusive Multicast Ethernet Tag Route or BGP EVPN MAC/IP Advertisement Route update packet is received, it could be possible that the IP address length field is miscalculated. An attacker could exploit this vulnerability by sending a crafted BGP packet to an affected device after the BGP session was established. An exploit could allow the attacker to cause the affected device to reload or corrupt the BGP routing table; either outcome would result in a DoS. The vulnerability may be triggered when the router receives a crafted BGP message from a peer on an existing BGP session. This vulnerability affects all releases of Cisco IOS XE Software prior to software release 16.3 that support BGP EVPN configurations. If the device is not configured for EVPN, it is not vulnerable. Cisco Bug IDs: CSCui67191, CSCvg52875.

Una vulnerabilidad en el protocolo BGP (Border Gateway Protocol) en una red Ethernet Virtual Private Network (EVPN) para Cisco IOS XE Software podría permitir que un atacante remoto no autenticado haga que el dispositivo se reinicie, lo que da lugar a una denegación de servicio (DoS) o, posiblemente, a que se corrompa la tabla de enrutamiento BGP, que a su vez puede dar como resultado la inestabilidad de la red. La vulnerabilidad existe debido a cambios en la implementación de la versión de borrador de BGP MPLS-Based Ethernet VPN RFC (RFC 7432) entre distribuciones de software IOS XE. Cuando se reciben los paquetes de actualización BGP Inclusive Multicast Ethernet Tag Route or BGP EVPN MAC/IP Advertisement Route, es posible que el campo de longitud de dirección IP se calcule de manera incorrecta. Un atacante podría explotar esta vulnerabilidad mediante el envío de un paquete BGP manipulado a un dispositivo afectado después de que se establezca una sesión BGP. Un exploit podría permitir que el atacante haga que se reinicie el dispositivo afectado o que corrompa la tabla de enrutamiento BGP. En cualquiera de los dos casos, el resultado sería una denegación de servicio (DoS). Esta vulnerabilidad puede tener lugar cuando el router recibe un mensaje BGP manipulado desde un peer o una sesión BGP existente. La vulnerabilidad afecta a todas las distribuciones de Cisco IOS XE Software anteriores a la versión 16.3 que soporta configuraciones BGP EVPN. Si el dispositivo no está configurado para EVPN, no es vulnerable. Cisco Bug IDs: CSCui67191, CSCvg52875.

A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:Act
Exploitation
Active
Automatable
Yes
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2017-08-03 CVE Reserved
  • 2018-03-27 CVE Published
  • 2022-03-03 Exploited in Wild
  • 2022-03-24 KEV Due Date
  • 2024-09-20 EPSS Updated
  • 2024-11-15 CVE Updated
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
 Ios
Search vendor "Cisco" for product "Ios"
 15.4\(1\)s
Search vendor "Cisco" for product "Ios" and version "15.4\(1\)s"
-
Affected
Cisco
Search vendor "Cisco"
 Ios Xe
Search vendor "Cisco" for product "Ios Xe"
 < 16.3
Search vendor "Cisco" for product "Ios Xe" and version " < 16.3"
-
Affected