Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities
Vulnerability Description
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
CVSS Information
N/A
Vulnerability Type
资源管理错误
Vulnerability Title
Cisco IOS XR 资源管理错误漏洞
Vulnerability Description
Cisco IOS XR是美国思科(Cisco)公司的一套为其网络设备开发的操作系统。 Cisco IOS XR 6.6.1之后版本中边界网关协议(BGP)以太网VPN(EVPN)功能的实现存在资源管理错误漏洞,该漏洞源于程序没有正确处理包含有特制EVPN属性的BGP更新消息。攻击者可通过发送属性格式错误的BGP EVPN更新消息利用该漏洞造成BGP进程意外重新启动,从而导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A