Cisco fixed CVE-2023-20049 DoS flaw affecting enterprise routers

Cisco fixed a high-severity DoS vulnerability (CVE-2023-20049) in IOS XR software that impacts several enterprise routers.

Cisco has released security updates to address a high-severity DoS vulnerability, tracked as CVE-2023-20049 (CVSS score of 8.6), in IOS XR software used by several enterprise-grade routers.

The vulnerability resides in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers.

An unauthenticated, remote attacker can trigger the flaw to cause a line card to reset, resulting in a denial of service (DoS) condition.

An attacker can trigger the CVE-2023-20049 vulnerability by sending a crafted IPv4 BFD packet to a vulnerable device.
“This vulnerability is due to the incorrect handling of malformed BFD packets that are received on line cards where the BFD hardware offload feature is enabled,” reads the advisory published by the vendor. “A successful exploit could allow the attacker to cause line card exceptions or a hard reset, resulting in loss of traffic over that line card while the line card reloads.”

This flaw affects Cisco routers that are running a vulnerable release of Cisco IOS XR 64-bit Software and have BFD hardware offload enabled for any of the installed line cards:

  • ASR 9000 Series Aggregation Services Routers, only if they have a Lightspeed or Lightspeed-Plus-based line card installed
  • ASR 9902 Compact High-Performance Routers
  • ASR 9903 Compact High-Performance Routers

The company pointed out that this vulnerability does not affect the following Cisco products:

  • IOS Software
  • IOS XE Software
  • IOS XR platforms not listed in the Vulnerable Products section of the advisory

As a workaround, Cisco recommends disabling BFD hardware offload and creating Infrastructure Access Control Lists.
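To make the workaround concrete, here is an added IOS XR configuration sketch (not from the article or from Cisco's advisory) showing the two measures side by side: an infrastructure ACL that only accepts BFD control traffic from known peers, and the line-card level disable of BFD hardware offload. The UDP ports come from the BFD RFCs (3784 for single-hop control, 3785 for echo, 4784 for multihop), not from the article; the peer addresses, interface name, location, and ACL name are constructed placeholders, and the exact `hw-module bfd-hw-offload` syntax is assumed and should be checked against the Cisco documentation for the installed release.

```ios-xr
! Added example, not the vendor's own configuration.
! 192.0.2.0/24 is documentation space standing in for the real BFD peers.
ipv4 access-list INFRA-BFD-ACL
 ! Allow BFD control, echo and multihop sessions only from the expected peers.
 10 permit udp host 192.0.2.10 host 192.0.2.1 eq 3784
 20 permit udp host 192.0.2.10 host 192.0.2.1 eq 3785
 30 permit udp host 192.0.2.20 host 192.0.2.1 eq 4784
 ! Drop (and count) BFD from anyone else before it reaches the line card.
 40 deny udp any any eq 3784 log
 50 deny udp any any eq 3785 log
 60 deny udp any any eq 4784 log
 ! Leave other infrastructure traffic governed by the existing policy.
 70 permit ipv4 any any
!
interface TenGigE0/0/0/0
 ipv4 access-group INFRA-BFD-ACL ingress
!
! Disable BFD hardware offload on the affected line card (assumed syntax;
! the advisory describes the effect, not this exact command).
no hw-module bfd-hw-offload enable location 0/0/CPU0
!
commit
```

The log keywords on the deny entries are there so that BFD packets from unexpected sources show up in the router's logging rather than disappearing silently; a burst of such hits against an ASR 9000 with offload still enabled is worth treating as a possible attempt to trigger this flaw. Applying the ACL alone reduces exposure only for sources that cannot spoof a trusted peer address, which is why the vendor lists disabling the offload feature alongside it.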

The IT giant addressed the issue with the release of IOS XR versions 7.5.3, 7.6.2, and 7.7.1.

Pierluigi Paganini (SecurityAffairs – hacking, routers)