Researchers Uncover New BGP Flaws in Popular Internet Routing Protocol Software
May 02, 2023
Network Security / Vulnerability
Cybersecurity researchers have uncovered weaknesses in a software implementation of the Border Gateway Protocol (BGP) that could be weaponized to achieve a denial-of-service (DoS) condition on vulnerable BGP peers.

The three vulnerabilities reside in version 8.4 of FRRouting, a popular open source internet routing protocol suite for Linux and Unix platforms. It's currently used by several vendors like NVIDIA Cumulus, DENT, and SONiC, posing supply chain risks.

The discovery is the result of an analysis of seven different implementations of BGP carried out by Forescout Vedere Labs: FRRouting, BIRD, OpenBGPd, Mikrotik RouterOS, Juniper JunOS, Cisco IOS, and Arista EOS.

BGP is a gateway protocol that's designed to exchange routing and reachability information between autonomous systems. It's used to find the most efficient routes for delivering internet traffic.

The list of three flaws is as follows -

- CVE-2022-40302 (CVSS score: 6.5) - Out-of-bounds read whe