Cybersecurity researchers have discovered weaknesses in a software implementation of the Border Gateway Protocol (BGP) that could be weaponized to achieve a denial of service (DoS) condition on vulnerable BGP peers.
All three vulnerabilities reside in version 8.4 of FRRouting, a popular open source Internet routing protocol suite for Linux and Unix platforms. It is currently used by several vendors such as NVIDIA Cumulus, DENT and SONiC, which poses risks to the supply chain.
The discovery is the result of Forescout Vedere Labs’ analysis of seven different BGP implementations: FRRouting, BIRD, OpenBGPd, Mikrotik RouterOS, Juniper JunOS, Cisco IOS, and Arista EOS.
BGP is a gateway protocol designed to exchange routing and reachability information between autonomous systems. It is used to find the most efficient routes to deliver Internet traffic.
The list of three defects is as follows:
- CVE-2022-40302 (CVSS score: 6.5) – Out-of-bounds read when processing a malformed BGP OPEN message with an extended optional parameter length option.
- CVE-2022-40318 (CVSS score: 6.5) – Out-of-bounds read when processing a malformed BGP OPEN message with an extended optional parameter length option.
- CVE-2022-43681 (CVSS score: 6.5) – Out-of-bounds read when processing a malformed BGP OPEN message that ends abruptly with the option length octet.
Attackers “could exploit the issues to achieve a DoS condition on vulnerable BGP peers, thereby dropping all BGP sessions and routing tables and causing the peer to become unresponsive,” the company said in a report shared with The Hacker News.
“The DoS condition can be extended indefinitely by repeatedly sending malformed packets. The main root cause is the same pattern of vulnerable code copied into multiple functions related to different stages of OPEN message parsing.”
A threat actor could spoof a valid IP address of a trusted BGP peer or exploit other flaws and misconfigurations to compromise a legitimate peer and then issue a specially crafted unsolicited BGP OPEN message.
This is achieved by taking advantage of the fact that “FRRouting starts processing OPEN messages (e.g., decapsulating optional parameters) before it has a chance to verify the source router’s BGP ID and ASN fields”.
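The length checks whose absence produces this class of out-of-bounds read can be shown in a short parser. This is an added example, not FRRouting's code and not taken from the Forescout report; the function name `open_count_opt_params`, the sample bytes, and the field layout (a 10-octet fixed part, then optional parameters, with a type octet of 255 announcing a 2-octet extended length, as described in RFC 4271 and RFC 9072) are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OPEN_FIXED_LEN 10  /* version, AS, hold time, BGP ID, Opt Parm Len */
#define EXT_OPT_MARK   255 /* type octet announcing the extended length form */

/* Count the optional parameters in an OPEN body (bytes after the 19-byte BGP
 * header); -1 as soon as a length field refers to bytes not received. */
int open_count_opt_params(const uint8_t *body, size_t len)
{
    size_t pos = OPEN_FIXED_LEN, opt_len, end, plen, hdr = 2;
    int count = 0;

    if (len < OPEN_FIXED_LEN)
        return -1;                 /* fixed part truncated */
    opt_len = body[OPEN_FIXED_LEN - 1];
    /* Peek at the type octet only if the message actually contains it. */
    if (opt_len != 0 && len - pos >= 1 && body[pos] == EXT_OPT_MARK) {
        if (len - pos < 3)
            return -1;             /* 2-octet extended length missing */
        opt_len = ((size_t)body[pos + 1] << 8) | body[pos + 2];
        pos += 3;
        hdr = 3;                   /* parameters now carry 2-octet lengths */
    }
    if (opt_len > len - pos)
        return -1;                 /* declared area exceeds received data */
    end = pos + opt_len;
    while (pos < end) {
        if (end - pos < hdr)
            return -1;             /* ends inside a parameter header */
        plen = (hdr == 3) ? ((size_t)body[pos + 1] << 8) | body[pos + 2]
                          : body[pos + 1];
        pos += hdr;
        if (plen > end - pos)
            return -1;             /* value overruns the declared area */
        pos += plen;
        count++;
    }
    return count;
}

/* Constructed samples: body cut off after Opt Parm Len; valid extended form. */
static const uint8_t cut_short[] = {4, 0xFD, 0xE8, 0, 90, 192, 0, 2, 1, 255};
static const uint8_t extended[] = {4, 0xFD, 0xE8, 0, 90, 192, 0, 2, 1, 255,
                                   255, 0, 5, 2, 0, 2, 0xAA, 0xBB};
int main(void)
{
    printf("%d\n", open_count_opt_params(cut_short, sizeof cut_short));
    printf("%d\n", open_count_opt_params(extended, sizeof extended));
    return 0;
}
```

Every read is preceded by a comparison against the bytes actually received, so a message that stops at the option length octet, or whose extended length claims more data than arrived, is rejected instead of being read past its end.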
Forescout has also made available an open source tool called bgp_boofuzzer that allows organizations to test the security of BGP suites used internally, as well as find new flaws in BGP implementations.
“Modern BGP implementations still have vulnerabilities that can be abused by attackers,” Forescout said. “To mitigate the risk of vulnerable BGP implementations, […] the best recommendation is to patch network infrastructure devices as often as possible.”
The findings come weeks after ESET discovered that second-hand routers previously used in business network environments contained sensitive data, including corporate credentials, VPN details, cryptographic keys and other vital customer information.
“In the wrong hands, data obtained from devices, including customer data, router-to-router authentication keys, application lists, and more, is enough to launch a cyberattack,” the Slovak cybersecurity company said in a statement.
Recently, researchers at Ikaroa, a full-stack tech company, uncovered several new Border Gateway Protocol (BGP) flaws in popular Internet routing protocol software. Even more concerning is that the flaws can be exploited by malicious actors to gain control of important connections used to route data traffic between networks.
According to the researchers, the discovered vulnerabilities stem from older versions of the BGP routing protocol. The flaws allow malicious actors to redirect data traffic from one network to another by injecting malicious BGP routes into a network. This can disrupt critical services such as banking, streaming video and email.
To make matters worse, these older BGP protocols are still widely used and pose a danger to millions of users worldwide. As such, the researchers at Ikaroa were determined to find solutions to the new BGP vulnerabilities.
To address the issue, the researchers developed a software suite called “Secure BGP”. Secure BGP helps to identify malicious BGP routes and block them from entering the network, thus protecting vulnerable networks from attack.
The team has also developed a tool to detect malicious BGP routes that has been included in the recently released version of the BGP protocol. The tool was designed to help networks identify rogue BGP routes before they have a chance to cause harm.
By raising awareness about the dangers posed by older BGP protocol versions and developing tools to detect malicious BGP routes, the team at Ikaroa is helping to keep the Internet safe from malicious actors.