Researchers Discovered a Number of Problems in the BGP Protocol

a number of problems in BGP
Written by Emma Davis

Researchers have discovered a number of serious problems in the software implementation of the Border Gateway Protocol (BGP) that can be used to induce a denial of service (DoS) on vulnerable BGP peers.

Let me remind you that we also wrote that Vulnerabilities in MiCODUS GPS Trackers Allow Remote Car Hacking, and also that GPS devices may behave unpredictably in the coming days due to a bug in the GPS Daemon.

Vulnerabilities were found in FRRouting version 8.4, a popular open source Internet routing protocol suite for Linux and Unix platforms. It is currently used by many vendors, including NVIDIA Cumulus, DENT and SONiC, posing risks to the supply chain.

You might also be interested to know that NVIDIA fixed two serious bugs in GeForce Experience.

The issues were identified in a Forescout Vedere Labs analysis of seven different BGP implementations: FRRouting, BIRD, OpenBGPd, Mikrotik RouterOS, Juniper JunOS, Cisco IOS, and Arista EOS.

a number of problems in BGP
The list of deficiencies found is the following:

  1. CVE-2022-40302 (CVSS score 6.5) – out-of-bounds read when processing a malformed BGP OPEN message with the Extended Optional Parameters Length option;
  2. CVE-2022-40318 (CVSS score 6.5) – out-of-bounds read when processing a malformed BGP OPEN message with the Extended Optional Parameters Length option;
  3. CVE-2022-43681 (CVSS score 6.5) – Out-of-bounds read while processing a malformed BGP OPEN message.

The experts write that these issues “can be exploited by attackers to induce a DoS condition on vulnerable BGP peers, which will cause all BGP sessions and routing tables to be dropped and the peer to become unresponsive.”

Denial of Service can be extended indefinitely by repeatedly sending malformed packets. The main reason is the same vulnerable code pattern copied into several functions associated with different stages of parsing OPEN messages.the researchers write.

Analysts attached to their report a link to a Python-based BGP Fuzzer open source tool that will help organizations test BGP security and find new flaws in its implementations.

Modern BGP implementations still have problems that can be easily abused by attackers. To mitigate the risks of using vulnerable BGP implementations, the best recommendation is to patch network infrastructure devices as often as possible.Forescout says.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply