Researchers have warned of flaws in a software implementation of the Border Gateway Protocol (BGP) that can be exploited to cause a denial-of-service (DoS) condition on vulnerable BGP peers.
The vulnerabilities were found in version 8.4 of FRRouting, a popular open source Internet routing protocol suite for Linux and Unix platforms. FRRouting is currently used by many vendors, including NVIDIA Cumulus, DENT and SONiC, which poses risks to the supply chain.
The issues were identified in a Forescout Vedere Labs analysis of seven different BGP implementations: FRRouting, BIRD, OpenBGPd, Mikrotik RouterOS, Juniper JunOS, Cisco IOS, and Arista EOS.
The vulnerabilities found are as follows:
CVE-2022-40302 (CVSS score 6.5) – Out-of-bounds read when processing a malformed BGP OPEN message with the Extended Optional Parameters Length option;
CVE-2022-40318 (CVSS score 6.5) – Out-of-bounds read when processing a malformed BGP OPEN message with the Extended Optional Parameters Length option;
CVE-2022-43681 (CVSS score 6.5) – Out-of-bounds read when processing a malformed BGP OPEN message.
Experts have stated that these issues “can be exploited by attackers to induce a DoS condition on vulnerable BGP peers, which will cause all BGP sessions and routing tables to be dropped and the peer to become unresponsive.”
“Denial of Service can be extended indefinitely by repeatedly sending malformed packets. The main reason is the same vulnerable code pattern copied into several functions associated with different stages of parsing OPEN messages,” the researchers explain.
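An added example, not from the original article or from FRRouting's code: a minimal C parser for the optional parameters of an OPEN message in which every read goes through one bounds-checked helper, instead of repeating length checks in each parsing function. The field layout follows RFC 4271 and RFC 9072; the names `take` and `open_count_params` and the sample byte arrays are constructed for illustration, and the caller is assumed to pass exactly the message body that follows the 19-byte BGP header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Cursor over untrusted bytes: the one place where lengths are checked. */
struct cur { const uint8_t *p; size_t left; };

static const uint8_t *take(struct cur *c, size_t n) {
    const uint8_t *at = c->p;
    if (n > c->left) return NULL;          /* would read past the message */
    c->p += n; c->left -= n;
    return at;
}

/* body: OPEN message after the 19-byte BGP header (hypothetical helper).
 * Returns the number of optional parameters, or -1 if malformed. */
int open_count_params(const uint8_t *body, size_t len) {
    struct cur c = { body, len };
    const uint8_t *f;
    size_t optlen, plen;
    int ext = 0, n = 0;
    if (!take(&c, 9)) return -1;           /* version, AS, hold time, BGP ID */
    if (!(f = take(&c, 1))) return -1;     /* Opt Parm Len */
    optlen = f[0];
    /* RFC 9072: a first type octet of 255 selects the extended encoding. */
    if (optlen != 0 && c.left >= 1 && c.p[0] == 255) {
        if (!(f = take(&c, 3))) return -1; /* 255, then 2-octet length */
        optlen = ((size_t)f[1] << 8) | f[2];
        ext = 1;
    }
    if (optlen != c.left) return -1;       /* declared length vs bytes present */
    while (c.left > 0) {
        if (!(f = take(&c, ext ? 3 : 2))) return -1;   /* type + length */
        plen = ext ? (((size_t)f[1] << 8) | f[2]) : f[1];
        if (!take(&c, plen)) return -1;    /* value must fit in what remains */
        n++;
    }
    return n;
}

/* Constructed sample bodies, not captured traffic. */
const uint8_t OK_STD[]  = {4, 0xfd,0xe8, 0,90, 10,0,0,1, 4, 2,2,2,0};
const uint8_t OK_EXT[]  = {4, 0xfd,0xe8, 0,90, 10,0,0,1, 255, 255,0,5, 2,0,2,2,0};
const uint8_t CUT_EXT[] = {4, 0xfd,0xe8, 0,90, 10,0,0,1, 255, 255,0};
const uint8_t BAD_LEN[] = {4, 0xfd,0xe8, 0,90, 10,0,0,1, 4, 2,9,2,0};

int main(void) {
    printf("%d %d %d %d\n", open_count_params(OK_STD, sizeof OK_STD), open_count_params(OK_EXT, sizeof OK_EXT),
           open_count_params(CUT_EXT, sizeof CUT_EXT), open_count_params(BAD_LEN, sizeof BAD_LEN));
    return 0;
}
```

Because the standard and extended encodings share the same `take` helper, a truncated extended length field and an over-long parameter length are both rejected by the same check.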
To help organizations test BGP security and find new flaws in BGP implementations, the analysts have included in their report a link to an open source, Python-based BGP fuzzer.