{"vuid":"VU#689326","idnumber":"689326","name":"Cisco IOS vulnerable to DoS via malformed BGP packet","keywords":["cisco","ios","bgp","log-neighbor-changes","dos","router"],"overview":"A  vulnerability in Cisco's Internetwork Operating System (IOS) could result in a remotely exploitable denial of service.","clean_desc":"Cisco Internetwork Operating System (IOS) includes support for Border Gateway Protocol (BGP), which is defined in RFC 1771. BGP is designed to exchange network reachability information between peer nodes. Information advertised by a BGP system to its peers includes timers, metrics, and paths to different Autonomous System (AS) networks. Routing between AS networks depends on BGP, and the Internet is a network of AS networks. Therefore, vulnerabilities in BGP have the potential to affect the Internet infrastructure. A Cisco device running IOS that is enabled for BGP is vulnerable to a denial-of-service attack via a malformed BGP packet. The specific nature of the crafted packets exploiting this vulnerability is not known. IOS is vulnerable only if the device is set up with the bgp log-neighbor-changes command.","impact":"By sending a specially crafted BGP packet to an affected device, a remote attacker could cause the device to reload. Repeated exploitation of this vulnerability could result in a denial-of-service condition. Because BGP must be configured to accept traffic from an explicitly defined peer, exploitation would be difficult from an untrusted host.","resolution":"Apply a patch or upgrade\nPlease refer to the \"Software Versions and Fixes\" section of the Cisco Security Advisory for more information on upgrading.","workarounds":"Workarounds Cisco recommends a number of workarounds. For a complete list of workarounds, see the \"Workarounds\" section of the Cisco Security Advisory.","sysaffected":"","thanks":"Thanks to Cisco PSIRT for reporting this vulnerability.","author":"This document was written by Will Dormann.","public":["h","t","t","p",":","/","/","w","w","w",".","c","i","s","c","o",".","c","o","m","/","w","a","r","p","/","p","u","b","l","i","c","/","7","0","7","/","c","i","s","c","o","-","s","a","-","2","0","0","5","0","1","2","6","-","b","g","p",".","s","h","t","m","l"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-01-26T12:59:45Z","publicdate":"2005-01-26T00:00:00Z","datefirstpublished":"2005-01-26T16:48:39Z","dateupdated":"2005-01-26T16:51:50Z","revision":12,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"13","cam_exploitation":"0","cam_internetinfrastructure":"20","cam_population":"20","cam_impact":"7","cam_easeofexploitation":"14","cam_attackeraccessrequired":"10","cam_scorecurrent":"12.1275","cam_scorecurrentwidelyknown":"14.7","cam_scorecurrentwidelyknownexploited":"22.05","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":12.1275,"vulnote":null}