Exploitation of BGP Implementation Vulnerabilities Can Lead to Disruptions

A widely used BGP implementation is affected by three vulnerabilities that can be exploited to cause disruption through denial-of-service (DoS) attacks, according to cybersecurity firm Forescout.

The Border Gateway Protocol (BGP) plays an important role in the way the internet works. It serves as the main routing protocol, allowing autonomous systems (AS) — networks or network groups that have a unified routing policy — to exchange information on routing and reachability.

BGP was not designed with security in mind and it can be abused to redirect traffic for malicious purposes. In addition, BGP incidents can lead to widespread disruption. 

While BGP itself has long been found to be insecure, Forescout researchers decided to also analyze various projects that implement BGP. They have analyzed the open source tools FRRouting, BIRD and OpenBGPd, as well as the closed source software Mikrotik RouterOS, Juniper JunOS, Cisco IOS and Arista EOS.

On Tuesday, the company revealed that FRRouting (FFR), which implements BGP and various other internet routing protocols, is affected by three vulnerabilities that can be exploited for DoS attacks. 

According to its website, FFR is used by ISPs, SaaS infrastructure, web 2.0 businesses, hyperscale services, and Fortune 500 private clouds.

The security holes are tracked as CVE-2022-40302, CVE-2022-40318 and CVE-2022-43681, and they have been described as out-of-bounds read issues related to the processing of malformed BGP OPEN messages. 

The developer was informed about the vulnerabilities and released patches.

“Two of these issues (CVE-2022-40302 and CVE-2022-43681) can be triggered before FRRouting validates BGP Identifier and ASN fields. While FRRouting only allows connections between configured peers by default (e.g., OPEN messages from hosts not present in the config files will not be accepted), in this case attackers only need to spoof a valid IP address of a trusted peer,” Forescout explained. 

“Another possibility for the attacker is to take advantage of misconfigurations or attempt to compromise a legitimate peer by exploiting other vulnerabilities. Similar DoS vulnerabilities in FRRouting have already caused notable disruptions, and they must be fixed,” the company added.

Alongside its findings, Forescout has released an open source tool that organizations can use to test the security of internally used BGP suites. The tool can also be used by researchers to find flaws in BGP implementations.

Related: ICS Vulnerabilities Chained for Deep Lateral Movement and Physical Damage 

Related: OT:Icefall Continues With Vulnerabilities in Festo, Codesys Products

Related: Embrace RPKI to Secure BGP Routing, Cloudflare Says