CVE-2025-20115

CVSSv4: NA | CVSSv3: 8.6 | CVSSv2: NA | VMScore: 960 | EPSS: 0.00156 | KEV: Not Included
Published: 12/03/2025 Updated: 12/03/2025

Vulnerability Summary

BGP Confederation Memory Corruption Vulnerability in Cisco IOS XR Software

A vulnerability exists in the confederation implementation for Border Gateway Protocol (BGP) in Cisco IOS XR Software. This security issue allows an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability stems from memory corruption that happens when a BGP update is created with an AS_CONFED_SEQUENCE attribute containing 255 autonomous system numbers. An attacker could exploit this by sending a crafted BGP update message or by manipulating network design to make the AS_CONFED_SEQUENCE attribute grow to 255 AS numbers or more. A successful exploit could trigger memory corruption, potentially causing the BGP process to restart and leading to a DoS condition. To carry out this attack, an attacker must either control a BGP confederation speaker within the same autonomous system as the victim or design the network in a way that allows the AS_CONFED_SEQUENCE attribute to reach 255 AS numbers.

Vulnerable Products

Cisco IOS XR Software

Recent Articles

Cisco IOS XR vulnerability lets attackers crash BGP on routers
BleepingComputer • Sergiu Gatlan • 14 Mar 2025

Cisco has patched a denial of service (DoS) vulnerability that lets attackers crash the Border Gateway Protocol (BGP) process on IOS XR routers with a single BGP update message. IOS XR runs on the company's carrier-grade Network Convergence System (NCS) and Carrier Routing System (CRS) series of routers, such as the ASR 9000, NCS 5500, and 8000 series. This hi...