The following example shows how an unauthenticated, remote attacker could exploit this vulnerability by sending a crafted stream of traffic through an affected device. The attacker would need to follow a certain set of steps in order to exploit this vulnerability. This is because the traffic that is sent through the device must be a BFD session. An attacker would need to establish a BFD session with an affected device. The BFD session must be a type 10 session. The BFD session must have a BFD session limit of 1. The BFD session must have a BFD session direction of bidirectional. The BFD session must have a BFD session priority of 0. Once these steps have been completed, the attacker would need to send a crafted BFD stream of traffic through the device. A successful exploit could allow the attacker to cause BFD traffic to be dropped, resulting in BFD session flaps.

Vulnerability Scenario

Remotely exploited vulnerability.

An unauthenticated, remote attacker can exploit this vulnerability to cause BFD traffic to be dropped, resulting in sessions flapping.

Medical Device Examples: How to identify if your device is affected

The following example shows how a remote attacker could exploit this vulnerability by sending a crafted stream of traffic through an affected device. The attacker would need to follow a certain set of steps to exploit this vulnerability, because the traffic that is sent through the device must be a BFD session. The attacker would need to establish a BFD session with an affected device. The BFD session must be of type 10 or type 9. The BFD session must have a BFD session limit of 1 or 0, respectively. The BFD session must have a BFD session direction of bidirectional or unidirectional, respectively. The BFD session must have a BFD session priority of 0 or 1, respectively. Once these steps have been completed, the attacker would need to send a crafted stream of traffic through the device. A successful exploit could allow the attacker to cause packets (BFD sessions) to be dropped, resulting in denial-of-service conditions for all devices connected to the same network segment as the vulnerable medical devices and for any other devices within range of those medical devices during that time frame. This could result in loss of patient care and death.

Vulnerable Device Brands and Models

The following vulnerable devices are known to be affected by this vulnerability:

- Huawei USG: Huawei USG10, Huawei USG20, and Huawei USG30.

The following vulnerable devices are believed to be affected by this vulnerability:

- Cisco ASR 1000 Series Routers: Cisco ASR 1000 Series Routers that are running 12.4(1)I3, 12.4(1)I5, or 12.4(2)XE software versions.

The following vulnerable devices are considered likely to be affected by this vulnerability:

- Alcatel Lucent 3PC FIPS/PNP/ESP Inspection Suite: Alcatel Lucent 3PC FIPS/PNP/ESP Inspection Suite that is running an operating system of 7.0 or later on the following device models: PSS 2BXL, PSD 5A2X and PSS 5A2X.

Timeline

Published on: 02/23/2022 18:15:00 UTC
Last modified on: 03/02/2022 15:37:00 UTC
