Cybersecurity researchers have identified significant vulnerabilities in a Border Gateway Protocol (BGP) implementation: version 8.4 of FRRouting, an open-source internet routing protocol suite used across various Linux and Unix platforms. The flaws expose vulnerable BGP peers to denial-of-service (DoS) attacks, potentially incapacitating BGP sessions and routing tables.

The affected software is widely used by vendors in the networking sector, including NVIDIA Cumulus, DENT, and SONiC, which raises substantial supply chain concerns. The vulnerabilities were found in an analysis by Forescout Vedere Labs, which assessed seven BGP implementations: FRRouting, BIRD, OpenBGPd, Mikrotik RouterOS, Juniper JunOS, Cisco IOS, and Arista EOS.

BGP is a critical gateway protocol that facilitates the exchange of routing and reachability information among autonomous systems, crucial for optimizing internet traffic flow. The findings have raised alarms, considering the potential impact on the integrity of internet communications.

There are three distinct flaws, all sharing a common out-of-bounds read issue during processing of malformed BGP OPEN messages. They are cataloged as CVE-2022-40302, CVE-2022-40318, and CVE-2022-43681, each with a CVSS score of 6.5. Attackers can exploit these weaknesses to cause DoS conditions on targeted BGP peers, rendering them unresponsive by dropping essential BGP sessions.

Forescout’s report warns that attackers could utilize spoofed IP addresses from trusted BGP peers or leverage other existing vulnerabilities to compromise a legitimate peer. By issuing specially crafted unsolicited BGP OPEN messages, adversaries can exploit the timing of message processing within the FRRouting software, which does not adequately verify the integrity of the originating router’s BGP Identifier and ASN fields prior to processing. This oversight allows for the transmission of malformed packets, potentially leading to extended exploitation.
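The class of check that prevents an out-of-bounds read in OPEN handling can be shown with a short validator. This is an added example, not FRRouting's or Forescout's code: it assumes the classic RFC 4271 OPEN layout (no extended optional parameters), and the function names and sample message are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum open_status { OPEN_OK, OPEN_TRUNCATED, OPEN_BAD_HEADER, OPEN_BAD_FIELD, OPEN_BAD_OPT_LEN };

#define HDR_LEN    19u   /* marker(16) + length(2) + type(1) */
#define FIXED_LEN  10u   /* version(1) AS(2) hold(2) id(4) opt-len(1) */
#define MAX_LEN  4096u

/* Check every length field against the bytes actually received
 * before any optional parameter is interpreted. */
enum open_status validate_open(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < HDR_LEN + FIXED_LEN) return OPEN_TRUNCATED;
    for (size_t i = 0; i < 16; i++)
        if (buf[i] != 0xff) return OPEN_BAD_HEADER;
    size_t msg_len = ((size_t)buf[16] << 8) | buf[17];
    if (buf[18] != 1 || msg_len < HDR_LEN + FIXED_LEN || msg_len > MAX_LEN)
        return OPEN_BAD_HEADER;
    if (msg_len > len) return OPEN_TRUNCATED;   /* header claims more than arrived */
    const uint8_t *p = buf + HDR_LEN;
    unsigned as = (p[1] << 8) | p[2], hold = (p[3] << 8) | p[4];
    if (p[0] != 4 || as == 0 || hold == 1 || hold == 2 || !(p[5] | p[6] | p[7] | p[8]))
        return OPEN_BAD_FIELD;                  /* version, AS 0, hold time, zero ID */
    size_t remaining = p[9];
    if (remaining != msg_len - HDR_LEN - FIXED_LEN) return OPEN_BAD_OPT_LEN;
    const uint8_t *opt = p + FIXED_LEN;
    while (remaining > 0) {                     /* walk type/length/value triples */
        if (remaining < 2) return OPEN_BAD_OPT_LEN;
        size_t plen = opt[1];
        if (plen > remaining - 2) return OPEN_BAD_OPT_LEN;  /* value would overrun */
        opt += 2 + plen;
        remaining -= 2 + plen;
    }
    return OPEN_OK;
}

/* Constructed sample: AS 65000, hold 180 s, ID 192.0.2.1, one capability parameter. */
static const uint8_t sample_open[33] = {
    0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
    0x00,0x21,0x01, 0x04, 0xfd,0xe8, 0x00,0xb4, 0xc0,0x00,0x02,0x01, 0x04,
    0x02,0x02,0x02,0x00 };

/* Validate the sample with its parameter length byte (offset 30) overwritten. */
enum open_status status_with_param_len(uint8_t plen)
{
    uint8_t msg[sizeof sample_open];
    memcpy(msg, sample_open, sizeof msg);
    msg[30] = plen;
    return validate_open(msg, sizeof msg);
}
```

A parser that trusts the inner length byte instead of comparing it with the bytes remaining is where a read past the end of the buffer comes from; here such a message is rejected before any parameter value is touched.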

In light of these discoveries, Forescout has introduced a Python-based open source BGP Fuzzer tool, designed to assist organizations in evaluating their internal BGP implementations for security weaknesses. The firm emphasizes the continued presence of exploitable vulnerabilities in modern BGP systems, advocating for regular patching of network infrastructure devices as a primary defense measure.

These revelations arrive shortly after findings from ESET, which disclosed that secondhand routers sourced from business networking contexts contained sensitive data, including corporate credentials and cryptographic keys. Such scenarios underscore the importance of proper data hygiene, as compromised devices hold the potential to facilitate significant cyber threats.

As the cybersecurity landscape continually evolves, addressing vulnerabilities within foundational protocols like BGP is critical. The MITRE ATT&CK framework highlights various tactics that could be at play, including initial access through spoofing and privilege escalation via misconfiguration exploitation. Consequently, organizations must remain vigilant in their cybersecurity practices to mitigate such risks effectively.