Vulnerability in RPKI Implementation Could Lead to Denial of Service
CVE-2021-1440

6.8 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 18 November 2024

Summary

A vulnerability in the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XR Software enables remote attackers to induce a denial of service (DoS) condition. This occurs due to improper processing of a specific RTR Protocol packet header. Attackers may exploit this by compromising an RPKI validator server or using man-in-the-middle techniques to send malicious RTR packets to devices running affected software. Successful exploitation leads to instability in BGP routing, as the BGP process could continually crash and restart. Cisco has provided updates to rectify this issue, with no effective workarounds available.

Affected Version(s)

Cisco IOS XR Software 6.6.1

Cisco IOS XR Software 6.5.3

Cisco IOS XR Software 7.0.1

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
