Reachable Assertion in Cisco Systems, Inc Other software

#VU62315 Reachable Assertion in Cisco Systems, Inc Other software

Published: 2022-04-14

Vulnerability identifier: #VU62315

Vulnerability risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20694

CWE-ID: CWE-617

Exploitation vector: Network

Exploit availability: No

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in the implementation of the Resource Public Key Infrastructure (RPKI) feature. A remote attacker can send a specially crafted RTR packet and cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service condition.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cisco IOS XE: 016.000

Cisco 1000 Series Integrated Services Routers: All versions

Cisco 4000 Series Integrated Services Routers: All versions

Cisco 8000 Series Routers: All versions

Cisco 9800 Series Wireless Controllers: All versions

Cisco ASR 1000 Series Aggregation Services Routers: All versions

Cisco ASR 900 Series Aggregation Services Routers: All versions

Cisco ASR 920 Series Aggregation Services Router: All versions

Catalyst 3650 Series Switches: All versions

Catalyst 3850 Series Switches: All versions

Catalyst 8000V Edge Software: All versions

Catalyst 8200 Series Edge Platforms: All versions

Catalyst 8200 Series Edge uCPE: All versions

Catalyst 8300 Series Edge Platforms: All versions

Catalyst 8300 Series Edge Universal CPE: All versions

Catalyst 8500 Series Edge Platforms: All versions

Catalyst 8500L Series Edge Platforms: All versions

Catalyst 9200 Series Switches: All versions

Catalyst 9300 Series Switches: All versions

Catalyst 9400 Series Switches: All versions

Catalyst 9500 Series Switches: All versions

Catalyst 9500H Series Switches: All versions

Catalyst 9600 Series Switches: All versions

Catalyst 9800 Series Wireless Controllers: All versions

Catalyst Cellular Gateways: All versions

Catalyst ESS9300 Embedded Series Switch: All versions

Catalyst IE3200 Rugged Series: All versions

Catalyst IE3300 Rugged Series: All versions

Catalyst IE3400 Heavy Duty Series: All versions

Catalyst IE3400 Rugged Series: All versions

Catalyst IE9300 Rugged Series: All versions

Cloud Services Router 1000V Series: All versions

ESR6300 Embedded Series Routers: All versions

Embedded Services 3300 Series Switches: All versions

Integrated Services Virtual Router: All versions

Network Convergence System 500 Series Routers: All versions

cBR Series Converged Broadband Routers: All versions

External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-rpki-dos-2EgCNeKE

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in Cisco IOS XE Software Resource Public Key Infrastructure