Researchers Uncover New BGP Flaws in Popular Internet Routing Protocol Software

Cyber Security Threat Summary:
“Cybersecurity researchers have uncovered weaknesses in a software implementation of the Border Gateway Protocol (BGP) that could be weaponized to achieve a denial-of-service (DoS) condition on vulnerable BGP peers. BGP is a gateway protocol that's designed to exchange routing and reachability information between autonomous systems. It's used to find the most efficient routes for delivering internet traffic. The three vulnerabilities reside in version 8.4 of FRRouting, a popular open source internet routing protocol suite for Linux and Unix platforms. It's currently used by several vendors like NVIDIA Cumulus, DENT, and SONiC, posing supply chain risks. The discovery is the result of an analysis of seven different implementations of BGP carried out by Forescout Vedere Labs: FRRouting, BIRD, OpenBGPd, Mikrotik RouterOS, Juniper JunOS, Cisco IOS, and Arista EOS” (The Hacker News, 2023).

Below is a brief description of the flaws:

  • CVE-2022-43681 (CVSS score: 6.5) - Out-of-bounds read when processing a malformed BGP OPEN message that abruptly ends with the option length octet.
  • CVE-2022-40318 (CVSS score: 6.5) - Out-of-bounds read when processing a malformed BGP OPEN message with an Extended Optional Parameters Length option.
  • CVE-2022-40302 (CVSS score: 6.5) - Out-of-bounds read when processing a malformed BGP OPEN message with an Extended Optional Parameters Length option.

Security Officer Comments:
According to the researchers, the flaws could be “exploited by attackers to achieve a DoS condition on vulnerable BGP peers, thus dropping all BGP sessions and routing tables and rendering the peer unresponsive.” Furthermore, this DoS condition could be prolonged by repeatedly sending malformed packets. In a live scenario, a threat actor could spoof the IP address of a trusted BGP peer to target a legitimate peer and then issue an unsolicited BGP OPEN message.

“This is achieved by taking advantage of the fact that ‘FRRouting begins to process OPEN messages (e.g., decapsulating optional parameters) before it gets a chance to verify the BGP Identifier and ASN fields of the originating router.’” (The Hacker News, 2023).
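The flaw descriptions above (an OPEN message that ends right after the option length octet, and the Extended Optional Parameters Length variant) and the ordering problem quoted here (optional parameters decoded before the peer's ASN and BGP Identifier are verified) both come down to parser discipline. The following C program is an added illustration written for this summary; it is not FRRouting source and does not reproduce the patched code. It walks the optional-parameters section of a BGP OPEN message (RFC 4271 section 4.2, with the RFC 9072 extended-length form) in the order a defender wants: peer identity is checked first, and every length field is validated against the bytes actually present before it is used, so a message that ends after the Length octet is rejected instead of read past the end of the buffer. The peer values (AS 65001, identifier 10.0.0.1) and the sample messages are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example, not FRRouting code: bounds-checked handling of a BGP OPEN
 * message. Peer identity is verified before any optional parameter is decoded,
 * and no length field is trusted until it has been checked against the buffer. */

#define BGP_HEADER_LEN     19  /* 16-byte marker + 2-byte length + 1-byte type */
#define BGP_OPEN_FIXED_LEN 10  /* version(1) my-AS(2) hold-time(2) id(4) opt-len(1) */
#define BGP_MSG_OPEN        1
#define BGP_VERSION         4

enum open_result {
    OPEN_OK = 0,
    OPEN_ERR_BAD_HEADER,    /* wrong type, wrong declared length, or too short */
    OPEN_ERR_PEER_MISMATCH, /* ASN or BGP Identifier is not the configured peer */
    OPEN_ERR_TRUNCATED,     /* optional-parameters length exceeds bytes present */
    OPEN_ERR_BAD_PARAM      /* a parameter header or value runs past the section */
};

struct expected_peer { uint16_t asn; uint32_t bgp_id; };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Validate an OPEN of `len` bytes; *nparams receives the parameter count.
 * Nothing beyond msg[len-1] is ever read. */
enum open_result parse_bgp_open(const uint8_t *msg, size_t len,
                                const struct expected_peer *peer, int *nparams)
{
    if (len < BGP_HEADER_LEN + BGP_OPEN_FIXED_LEN) return OPEN_ERR_BAD_HEADER;
    if (msg[18] != BGP_MSG_OPEN || rd16(msg + 16) != len) return OPEN_ERR_BAD_HEADER;

    const uint8_t *body = msg + BGP_HEADER_LEN;
    if (body[0] != BGP_VERSION) return OPEN_ERR_BAD_HEADER;
    /* Identity first: refuse an unexpected ASN / Identifier before looking at
     * a single optional-parameter byte. */
    if (rd16(body + 1) != peer->asn || rd32(body + 5) != peer->bgp_id)
        return OPEN_ERR_PEER_MISMATCH;

    size_t opt_len = body[9];
    const uint8_t *p = body + BGP_OPEN_FIXED_LEN;
    size_t remaining = len - BGP_HEADER_LEN - BGP_OPEN_FIXED_LEN;
    size_t len_size = 1;  /* width of each parameter's Length field */

    /* RFC 9072: Opt Parm Len 255 followed by type 255 introduces a 2-byte
     * extended length; every parameter then carries a 2-byte Length. */
    if (opt_len == 255 && remaining >= 3 && p[0] == 255) {
        opt_len = rd16(p + 1);
        p += 3; remaining -= 3;
        len_size = 2;
    }
    if (opt_len > remaining) return OPEN_ERR_TRUNCATED;

    int count = 0;
    while (opt_len > 0) {
        size_t hdr = 1 + len_size;              /* Type + Length */
        if (opt_len < hdr) return OPEN_ERR_BAD_PARAM;  /* header incomplete */
        size_t plen = (len_size == 1) ? p[1] : rd16(p + 1);
        /* A message that stops right after the Length octet fails here. */
        if (plen > opt_len - hdr) return OPEN_ERR_BAD_PARAM;
        /* p[0] is the type; p+hdr .. p+hdr+plen is the value, now known safe. */
        p += hdr + plen;
        opt_len -= hdr + plen;
        count++;
    }
    if (nparams) *nparams = count;
    return OPEN_OK;
}

/* Constructed sample builder: a full OPEN around a given parameter blob. */
static size_t build_open(uint8_t *buf, uint8_t opt_len_byte,
                         const uint8_t *params, size_t params_len)
{
    size_t total = BGP_HEADER_LEN + BGP_OPEN_FIXED_LEN + params_len;
    static const uint8_t fixed[] = { BGP_VERSION, 0xfd, 0xe9,  /* AS 65001   */
                                     0x00, 0x5a,               /* hold 90 s  */
                                     0x0a, 0x00, 0x00, 0x01 }; /* 10.0.0.1   */
    memset(buf, 0xff, 16);                                     /* marker     */
    buf[16] = (uint8_t)(total >> 8); buf[17] = (uint8_t)total; buf[18] = BGP_MSG_OPEN;
    memcpy(buf + 19, fixed, sizeof fixed);
    buf[28] = opt_len_byte;
    memcpy(buf + 29, params, params_len);
    return total;
}

static const struct expected_peer PEER = { 65001, 0x0a000001u };
/* One Capabilities parameter (type 2) carrying MP-BGP IPv4/unicast. */
static const uint8_t GOOD[] = { 0x02, 0x06, 0x01, 0x04, 0x00, 0x01, 0x00, 0x01 };

enum open_result demo_valid(void) {
    uint8_t b[64]; size_t l = build_open(b, (uint8_t)sizeof GOOD, GOOD, sizeof GOOD);
    return parse_bgp_open(b, l, &PEER, NULL);
}
int demo_valid_count(void) {
    uint8_t b[64]; int n = -1; size_t l = build_open(b, (uint8_t)sizeof GOOD, GOOD, sizeof GOOD);
    return parse_bgp_open(b, l, &PEER, &n) == OPEN_OK ? n : -1;
}
/* Message ends abruptly after the Length octet: no value bytes follow. */
enum open_result demo_ends_after_length(void) {
    static const uint8_t prm[] = { 0x02, 0x06 };
    uint8_t b[64]; size_t l = build_open(b, (uint8_t)sizeof prm, prm, sizeof prm);
    return parse_bgp_open(b, l, &PEER, NULL);
}
/* Extended (RFC 9072) form whose extended length claims more than is present. */
enum open_result demo_extended_short(void) {
    static const uint8_t prm[] = { 0xff, 0x00, 0x09, 0x02, 0x00, 0x06 };
    uint8_t b[64]; size_t l = build_open(b, 255, prm, sizeof prm);
    return parse_bgp_open(b, l, &PEER, NULL);
}
/* Same bytes as demo_valid, but we are not configured to peer with this ASN. */
enum open_result demo_wrong_peer(void) {
    const struct expected_peer other = { 65002, 0x0a000001u };
    uint8_t b[64]; size_t l = build_open(b, (uint8_t)sizeof GOOD, GOOD, sizeof GOOD);
    return parse_bgp_open(b, l, &other, NULL);
}

int main(void) {
    printf("valid: %d (params=%d)\n", demo_valid(), demo_valid_count());
    printf("ends after length octet: %d\n", demo_ends_after_length());
    printf("extended, short: %d\n", demo_extended_short());
    printf("wrong peer: %d\n", demo_wrong_peer());
    return 0;
}
```

The two checks inside the loop are the whole point: the parameter header must fit in what is left of the section before its Length octet is read, and the value must fit before it is decoded. Putting the peer-identity comparison ahead of that loop means a spoofed OPEN from an unknown ASN is dropped without any parameter parsing at all, which is the ordering the quoted passage says FRRouting 8.4 lacked.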

Suggested Corrections:
“To correct the risk of vulnerable BGP implementations, such as the FRRouting issues we found, the best recommendation is to patch network infrastructure devices as often as possible. To do so, you must first have an updated asset inventory that keeps track of all the networking devices in your organization and the versions of software running on them. This is much easier to achieve with software that provides granular visibility for every device in the network” (Forescout, 2023).

Source Links:
https://thehackernews.com/2023/05/researchers-uncover-new-bgp-flaws-in.html?m=1
https://www.forescout.com/blog/