Cisco IOS XE BGP EVPN Remote DoS Vulnerability (CVE-2017-12319)

Key Information Advisory ID: cisco-sa-20171103-bgp Severity: Medium CVE ID: CVE-2017-12319 CVSS Score: Base 6.8 Cisco Bug IDs: CSCui67191, CSCvg52875 Vulnerability Description Summary: - A vulnerability exists in the implementation of the Border Gateway Protocol (BGP) over Ethernet Virtual Private Network (EVPN), which may allow an unauthenticated remote attacker to cause a device reboot, resulting in a Denial of Service (DoS) or potentially corrupt the BGP routing table, leading to network instability. - The vulnerability arises from changes in the implementation of BGP MPLS-Based Ethernet VPN RFC (RFC 7432) across different versions of Cisco IOS XE software. Affected Products Vulnerable Products: - All Cisco IOS XE software versions prior to 16.3 that support BGP EVPN configuration are affected. - Devices not configured with EVPN are not vulnerable. Solution Fixed Software: The vulnerability has been fixed in Cisco IOS XE software version 16.3 and later. Workarounds: No temporary workarounds are available. Exploitation and Public Announcements Exploitation and Public Announcements: - In March 2022, Cisco Product Security Incident Response Team (PSIRT) observed additional attempts to exploit this vulnerability in the wild. - Cisco strongly recommends customers upgrade to a fixed software version to mitigate the impact of this vulnerability. Source Source: - The vulnerability was reported to Cisco by a customer via a Cisco TAC case. - View more

Goal Reached Thanks to every supporter — we hit 100%!

Cisco IOS XE BGP EVPN Remote DoS Vulnerability (CVE-2017-12319)