Connect with us

Hi, what are you looking for?


Network Security

BGP Flaw Can Be Exploited for Prolonged Internet Outages

Serious flaw affecting major BGP implementations can be exploited to cause prolonged internet outages, but several vendors have not patched it. 

A serious flaw affecting several major Border Gateway Protocol (BGP) implementations can be exploited to cause prolonged internet outages, but some vendors are not patching it, a researcher warned on Tuesday.

The issue was discovered by Ben Cartwright-Cox, the owner of BGP.Tools, a company that provides monitoring services to help organizations quickly identify and address BGP-related issues.  

BGP is the gateway protocol used for exchanging routing information between autonomous systems on the internet. BGP hijacking and leaks can be used to redirect users to arbitrary sites or cause severe disruptions. 

BGP exchanges UPDATE messages to advertise routing information, including IP ranges and an attribute that provides additional context. 

The problem identified by Cartwright-Cox is related to these attributes and the ability of BGP implementations to handle them. Specifically, if a router does not understand an attribute, it may pass it along without impact, but if it does understand it and the attribute is corrupted, an error can be triggered and the BGP session is shut down, preventing the affected network from communicating with the rest of the internet. 

“With some reasonably educated crafting of a payload, someone could design a BGP UPDATE that ‘travels’ along the internet unharmed, until it reaches a targeted vendor and results in that vendor resetting sessions. If that data comes down the BGP connections that are providing wider internet access for the network, this could result in a network being pulled offline from the internet,” Cartwright-Cox explained in a blog post. 

“This attack is not even a one-off ‘hit-and-run’, as the ‘bad’ route is still stored in the peer router; when the session restarts the victim router will reset again the moment the route with the crafted payload is transmitted again. This has the potential to cause prolonged internet or peering outages,” the researcher added.

Advertisement. Scroll to continue reading.

This is not just a theoretical problem. Cartwright-Cox started researching the issue after a small Brazilian network announced an internet route with a corrupt attribute in early June, causing serious disruptions in other networks. 

The expert has created a basic fuzzer to test whether various BGP implementations are impacted. He found that MikroTik, Ubiquiti, Arista, Huawei, Cisco and Bird are not affected.

His tests showed that Juniper Networks’ Junos OS, Nokia’s SR-OS, Extreme Networks’ EXOS, OpenBSD’s OpenBGPd, and FRRouting are impacted. 

Cartwright-Cox reported his findings to impacted vendors, but said only OpenBSD (CVE-2023-38283) rushed to create a patch. Juniper and FRR developers have assigned the CVE identifiers CVE-2023-4481 and CVE-2023-38802, respectively. Juniper has published an advisory informing customers about the availability of patches. Nokia and Extreme apparently do not plan on addressing the issue.

However, there are steps that organizations can take to prevent potential exploitation, and Cartwright-Cox reached out to some of the impacted organizations himself — advising them to implement mitigations — when seeing that vendors refused to alert customers. 

The researcher described the vendor disclosure process as time-consuming and frustrating.

“If the goal of reporting security flaws is to reduce harm to their customers, I’m not convinced that reporting problems to vendors has enough of an effective impact to be worth doing, vs the loss of personal time and sanity,” Cartwright-Cox said.

*updated to clarify that Juniper has released patches and added link to Juniper advisory

Related: Exploitation of BGP Implementation Vulnerabilities Can Lead to Disruptions

Related: Google Services Inaccessible Due to BGP Leak

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...