Cisco NX-OS Border Gateway Protocol DoS (cisco-sa-20161005-bgp)

medium Nessus Plugin ID 130597

Synopsis

The remote device is missing a vendor-supplied security patch

Description

According to its self-reported version, a denial of service (DoS) vulnerability exists in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS System Software due to incomplete input validation of BGP update messages. An unauthenticated, remote attacker can exploit this issue, by sending a crafted BGP update message to the targeted device, to cause the switch to reload unexpectedly. As the Cisco implementation of the BGP protocol only accepts incoming BGP traffic from explicitly defined peers, an attacker must be able to send the malicious packets over a TCP connection that appears to come from a trusted BGP peer or be able to inject malformed messages into the victim's BGP network.
This vulnerability can only be triggered when the router receives a malformed BGP message from a peer on an existing BGP session, so at least one BGP neighbor session must be established for a router to be vulnerable.

This vulnerability is not remotely exploitable if all BGP peers to the NX-OS Software are Cisco IOS, IOS-XE, or IOS-XR device and those device are not configured for Cisco Multicast VPN (MVPN) interautonomous system support.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCuq77105 or CSCux11417.

See Also

http://www.nessus.org/u?3be03020

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuq77105

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCux11417

Plugin Details

Severity: Medium

ID: 130597

File Name: cisco-sa-20161005-bgp.nasl

Version: 1.8

Type: combined

Family: CISCO

Published: 11/7/2019

Updated: 4/29/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2016-1454

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:nx-os

Required KB Items: Host/Cisco/NX-OS/Version, Host/Cisco/NX-OS/Device, Host/Cisco/NX-OS/Model

Exploit Ease: No known exploits are available

Patch Publication Date: 10/5/2016

Vulnerability Publication Date: 10/5/2016

Reference Information

CVE: CVE-2016-1454

BID: 93417