Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability

A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes’ status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.

N/A

资源管理错误

Cisco IOS XR 资源管理错误漏洞

Cisco IOS XR是美国思科（Cisco）公司的一套为其网络设备开发的操作系统。 Cisco IOS XR中Border Gateway Protocol(边界网关协议) Ethernet VPN (EVPN)功能的实现存在资源管理错误漏洞，该漏洞源于程序没有正确处理包含特定EVPN属性的BGP更新消息。远程攻击者可借助恶意的BGP更新消息利用该漏洞造成拒绝服务。

N/A

N/A