Cisco IOS XE Software Border Gateway Protocol Message Processing DoS (cisco-sa-20160715-bgp)

Medium severity, Nessus Plugin ID 93123

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The Cisco IOS XE Software running on the remote device is missing a security patch. It is, therefore, affected by a denial of service vulnerability in the Border Gateway Protocol (BGP) message processing functions due to improper processing of BGP attributes. An authenticated, remote attacker can exploit this, via specially crafted BGP messages under certain unspecified conditions, to cause the affected device to reload.

Note that Nessus has not tested for the presence of the workarounds referenced in the vendor advisory.

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20160715-bgp. Alternatively, set a 'maxpath-limit' value for BGP MIBs or suppress the use of BGP MIBs.

See Also

http://www.nessus.org/u?94ed1c7e

Plugin Details

Severity: Medium

ID: 93123

File Name: cisco-sa-20160715-bgp-iosxe.nasl

Version: 1.8

Type: combined

Family: CISCO

Published: 8/26/2016

Updated: 12/1/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:H/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2016-1459

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios_xe

Required KB Items: Host/Cisco/IOS-XE/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 7/15/2016

Vulnerability Publication Date: 7/15/2016

Reference Information

CVE: CVE-2016-1459

BID: 91800

CISCO-SA: cisco-sa-20160715-bgp

CISCO-BUG-ID: CSCuz21061