  • Researchers Uncover New BGP Flaws in Popular Internet Routing Protocol Software

    aum

    Cybersecurity researchers have uncovered weaknesses in a software implementation of the Border Gateway Protocol (BGP) that could be weaponized to achieve a denial-of-service (DoS) condition on vulnerable BGP peers.

     

    The three vulnerabilities reside in version 8.4 of FRRouting, a popular open source internet routing protocol suite for Linux and Unix platforms. It's currently used by several vendors like NVIDIA Cumulus, DENT, and SONiC, posing supply chain risks.

     

    The discovery is the result of an analysis of seven different implementations of BGP carried out by Forescout Vedere Labs: FRRouting, BIRD, OpenBGPd, Mikrotik RouterOS, Juniper JunOS, Cisco IOS, and Arista EOS.

     

    BGP is a gateway protocol that's designed to exchange routing and reachability information between autonomous systems. It's used to find the most efficient routes for delivering internet traffic.

     

    The three flaws are as follows:

     

    • CVE-2022-40302 (CVSS score: 6.5) - Out-of-bounds read when processing a malformed BGP OPEN message with an Extended Optional Parameters Length option.

     

    • CVE-2022-40318 (CVSS score: 6.5) - Out-of-bounds read when processing a malformed BGP OPEN message with an Extended Optional Parameters Length option.

     

    • CVE-2022-43681 (CVSS score: 6.5) - Out-of-bounds read when processing a malformed BGP OPEN message that abruptly ends with the option length octet.

     

    The issues "could be exploited by attackers to achieve a DoS condition on vulnerable BGP peers, thus dropping all BGP sessions and routing tables and rendering the peer unresponsive," the company said in a report shared with The Hacker News.

     


     

    "The DoS condition may be prolonged indefinitely by repeatedly sending malformed packets. The main root cause is the same vulnerable code pattern copied into several functions related to different stages of parsing OPEN messages."

     

    A threat actor could spoof a valid IP address of a trusted BGP peer or exploit other flaws and misconfigurations to compromise a legitimate peer and then issue a specially-crafted unsolicited BGP OPEN message.

     

    This is achieved by taking advantage of the fact that "FRRouting begins to process OPEN messages (e.g., decapsulating optional parameters) before it gets a chance to verify the BGP Identifier and ASN fields of the originating router."
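The bug class described above (length fields in an OPEN message trusted before checking how many bytes actually arrived) is avoided by validating every length against the remaining buffer before each read. The following is an added example, not FRRouting's code or its patch: `open_body_check`, its return codes and the sample bytes are hypothetical, and the layout assumed is the OPEN body from RFC 4271 with the extended optional parameters length from RFC 9072.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { OPEN_OK = 0, OPEN_TRUNCATED = -1, OPEN_BAD_LENGTH = -2 };
#define OPEN_FIXED_LEN 10  /* version(1) AS(2) hold(2) id(4) opt-len(1) */
#define EXT_MARKER 255     /* RFC 9072 "Non-Ext OP Type" value */

/* Hypothetical helper: structural check of an OPEN body, i.e. the n bytes
 * that follow the 19-byte BGP header. No read happens before its bounds check. */
int open_body_check(const uint8_t *b, size_t n)
{
    if (n < OPEN_FIXED_LEN)
        return OPEN_TRUNCATED;
    size_t pos = OPEN_FIXED_LEN, opt_len = b[9];
    int ext = 0;

    if (opt_len != 0 && n > pos && b[pos] == EXT_MARKER) {
        if (n - pos < 3)           /* marker present, 2-byte length missing */
            return OPEN_TRUNCATED;
        opt_len = ((size_t)b[pos + 1] << 8) | b[pos + 2];
        pos += 3;
        ext = 1;
    }
    if (opt_len != n - pos)        /* declared length vs. bytes received */
        return OPEN_BAD_LENGTH;

    size_t hdr = ext ? 3 : 2;      /* type octet + 1- or 2-byte length */
    while (pos < n) {
        if (n - pos < hdr)         /* message ends inside a parameter header */
            return OPEN_TRUNCATED;
        size_t plen = ext ? (((size_t)b[pos + 1] << 8) | b[pos + 2]) : b[pos + 1];
        pos += hdr;
        if (plen > n - pos)        /* value would run past the buffer */
            return OPEN_BAD_LENGTH;
        pos += plen;
    }
    return OPEN_OK;
}

int main(void)
{
    /* Constructed samples: AS 65001, hold time 180, identifier 10.0.0.1. */
    const uint8_t good[] = {4, 0xFD, 0xE9, 0, 180, 10, 0, 0, 1, 4, 2, 2, 2, 0};
    const uint8_t cut[]  = {4, 0xFD, 0xE9, 0, 180, 10, 0, 0, 1, 255, 255};
    printf("good=%d cut=%d\n", open_body_check(good, sizeof good),
           open_body_check(cut, sizeof cut));
    return 0;
}
```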

     

    Forescout has also made available an open source tool called bgp_boofuzzer that allows organizations to test the security of the BGP suites used internally as well as find new flaws in BGP implementations.

     

    "Modern BGP implementations still have low-hanging fruits that can be abused by attackers," Forescout said. "To mitigate the risk of vulnerable BGP implementations, [...] the best recommendation is to patch network infrastructure devices as often as possible."

     

    The findings come weeks after ESET found that secondhand routers previously used in business networking environments harbored sensitive data, including corporate credentials, VPN details, cryptographic keys, and other vital customer information.

    "In the wrong hands, the data gleaned from the devices – including customer data, router-to-router authentication keys, application lists, and much more – is enough to launch a cyberattack," the Slovak cybersecurity firm said.

     
