CVE-2018-15428

MEDIUM

Cisco IOS XR - Denial of Service via Malformed BGP Update Message

Title source: llm
STIX 2.1

Description

A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1041790

Scores

CVSS v3 6.8
EPSS 0.0195
EPSS Percentile 77.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-20
Status published
Products (10)
cisco/ios_xr 6.0.1
cisco/ios_xr 6.0.2
cisco/ios_xr 6.1.1
cisco/ios_xr 6.1.2
cisco/ios_xr 6.1.3
cisco/ios_xr 6.1.4
cisco/ios_xr 6.2.1
cisco/ios_xr 6.2.2
cisco/ios_xr 6.2.3
cisco/ios_xr 6.4.1
Published Oct 05, 2018
Tracked Since Feb 18, 2026