Information technology giant Cisco said in an official statement that a vulnerability arose in its IOS XE software when it implemented changes to its Border Gateway Protocol (BGP) over an Ethernet VPN.
The earlier version of IOS XE had a flaw that could be easily exploited over remote connections without authentication. It hampered network stability by corrupting or crashing the BGP routing table. Cisco has released a software update that patches the issue.
IOS XE is the networking giant’s proprietary operating system. Its prime function is to automate network operations and to manage both wired and wireless networks. The glitch was in the implementation of RFC 7432, BGP MPLS-Based Ethernet VPN. The flaw is tracked as CVE-2017-12319, which Cisco said it encountered between IOS XE releases.
Cisco reported that any release of IOS XE prior to version 16.3 that supports BGP over Ethernet VPN has this flaw. Devices that are not configured for Ethernet VPN are safe to use.
In its advisory, released on Friday, Cisco specifically noted that the IP address length field is calculated incorrectly whenever the device receives a BGP update packet carrying either a BGP Inclusive Ethernet Tag Route or a BGP EVPN MAC/IP Advertisement Route. The vulnerability is easily exploited on an affected device by sending a crafted BGP packet after a BGP session has been established.
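The length handling described above can be checked strictly on the receiving side. The following is an added example, not code from Cisco or from the advisory: it validates the IP Address Length field of the two route types against the bytes actually present, using the field layout from RFC 7432 sections 7.2 and 7.3. The function and helper names are hypothetical, and the sample route is constructed.

```python
MAC_IP_ADV = 2        # MAC/IP Advertisement route, RFC 7432 section 7.2
INCL_MCAST_TAG = 3    # Inclusive Multicast Ethernet Tag route, section 7.3
IP_BITS_TO_BYTES = {0: 0, 32: 4, 128: 16}   # IP Address Length is in bits


class MalformedRoute(ValueError):
    """Raised when a length field disagrees with the bytes actually present."""


def check_evpn_nlri(nlri: bytes) -> dict:
    """Validate one EVPN NLRI (hypothetical helper, not Cisco's code)."""
    if len(nlri) < 2:
        raise MalformedRoute("truncated NLRI header")
    rtype, body = nlri[0], nlri[2:]
    if nlri[1] != len(body):
        raise MalformedRoute("route Length field does not match bytes present")
    if rtype == MAC_IP_ADV:
        fixed = 8 + 10 + 4 + 1 + 6    # RD, ESI, Ethernet Tag, MAC length, MAC
        trailing = (3, 6)             # one or two 3-byte MPLS labels follow the IP
    elif rtype == INCL_MCAST_TAG:
        fixed = 8 + 4                 # RD, Ethernet Tag
        trailing = (0,)               # the originator IP is the last field
    else:
        raise MalformedRoute(f"route type {rtype} is not handled here")
    if len(body) < fixed + 1:
        raise MalformedRoute("body too short to hold IP Address Length")
    if rtype == MAC_IP_ADV and body[22] != 48:
        raise MalformedRoute("MAC Address Length must be 48 bits")
    ip_bits = body[fixed]
    if ip_bits not in IP_BITS_TO_BYTES:
        raise MalformedRoute(f"IP Address Length {ip_bits} is not 0, 32 or 128")
    if rtype == INCL_MCAST_TAG and ip_bits == 0:
        raise MalformedRoute("type 3 route must carry an originator IP")
    ip_len = IP_BITS_TO_BYTES[ip_bits]
    # Core check: the declared IP length must account for every remaining byte.
    if len(body) - fixed - 1 - ip_len not in trailing:
        raise MalformedRoute("IP Address Length inconsistent with route length")
    return {"type": rtype, "ip_bits": ip_bits,
            "ip": body[fixed + 1:fixed + 1 + ip_len]}


def sample_mac_ip(ip_bits: int, ip: bytes) -> bytes:
    """Constructed sample: type 2 route, zeroed RD/ESI/tag, one zeroed label."""
    mac = bytes.fromhex("020000000001")
    body = bytes(22) + bytes([48]) + mac + bytes([ip_bits]) + ip + bytes(3)
    return bytes([MAC_IP_ADV, len(body)]) + body
```

A route whose declared IP Address Length does not match the remaining bytes is rejected before any field is copied, so a disagreement between the two lengths never reaches the routing table code.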
Every time this exploit takes place, the result is a DoS, because the exploited device either suffers corruption of its BGP routing table or has to reload. BGP accepts packets only from trusted peers. Thus all an attacker needs to do is send a corrupted or malicious TCP packet and present it as having been sent from one of the defined peers. This not only allows the attacker to corrupt the system; they can also choose to run malicious messages throughout the victim’s BGP network.
The router becomes vulnerable as soon as it establishes a BGP neighbor session. The flaw is triggered as soon as the router receives a crafted BGP message while the session is running. According to Cisco, all the attacker needs to do is obtain information about the BGP peers in the system they intend to attack.