漏洞标题
Cisco IOS XR软件BGP EVPN拒绝服务漏洞
漏洞描述信息
Cisco IOS XR软件中边界网关协议(BGP)以太网虚拟私有网络(EVPN)功能的实现存在多个漏洞,未经身份验证的远程攻击者可能利用这些漏洞造成拒绝服务(DoS)状况。这些漏洞是由于处理包含精心构造的EVPN属性的BGP更新消息时处理不当导致的。攻击者可能通过向受影响系统发送具有畸形属性的BGP EVPN更新消息来利用这些漏洞。成功利用这些漏洞可能导致BGP进程意外重启,从而导致DoS状况。Cisco的BGP实现仅从明确定义的对等体接受 incoming BGP流量。要利用这些漏洞,恶意BGP更新消息需要来自已配置的有效BGP对等体,或者攻击者需要将该消息注入受害者的BGP网络中,该网络与现有有效TCP连接到的BGP对等体相连接。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
漏洞类别
N/A
漏洞标题
Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities
漏洞描述信息
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
CVSS信息
N/A
漏洞类别
资源管理错误
漏洞标题
Cisco IOS XR 资源管理错误漏洞
漏洞描述信息
Cisco IOS XR是美国思科(Cisco)公司的一套为其网络设备开发的操作系统。 Cisco IOS XR 6.6.1之后版本中边界网关协议(BGP)以太网VPN(EVPN)功能的实现存在资源管理错误漏洞,该漏洞源于程序没有正确处理包含有特制EVPN属性的BGP更新消息。攻击者可通过发送属性格式错误的BGP EVPN更新消息利用该漏洞造成BGP进程意外重新启动,从而导致拒绝服务。
CVSS信息
N/A
漏洞类别
资源管理错误