CVE-2022-20623 An attacker could exploit a vulnerability in BFD traffic on Cisco NX-OS switches to drop traffic.

CVE-2022-20623 An attacker could exploit a vulnerability in BFD traffic on Cisco NX-OS switches to drop traffic.

The following example shows how an unauthenticated, remote attacker could exploit this vulnerability by sending a crafted stream of traffic through an affected device. The attacker would need to follow a certain set of steps in order to exploit this vulnerability. This is because the traffic that is sent through the device must be a BFD session. An attacker would need to establish a BFD session with an affected device. The BFD session must be a type 10 session. The BFD session must have a BFD session limit of 1. The BFD session must have a BFD session direction of bidirectional. The BFD session must have a BFD session priority of 0. Once these steps have been completed, the attacker would need to send a crafted BFD stream of traffic through the device. A successful exploit could allow the attacker to cause BFD traffic to be dropped, resulting in BFD session flaps. This is a type 9 session. The BFD session must have a BFD session limit of 1. The BFD session must have a BFD session direction of bidirectional. The BFD session must have a BFD session priority of 0. Once these steps have been completed, the attacker would need to send a crafted BFD stream of traffic through the device. A successful exploit could allow the attacker to cause BFD traffic to be dropped, resulting in BFD session flaps. This is a type 10 session. The BFD session must have a BFD session limit of

Vulnerability Scenario

Remotely exploited vulnerability.

An unauthenticated, remote attacker can exploit this vulnerability to cause BFD traffic to be dropped, resulting in sessions flapping.

Medical Device Examples: How to identify if your device is affected

The following example shows how a remote attacker could exploit this vulnerability by sending a crafted stream of traffic through an affected device. The attacker would need to follow a certain set of steps in order to exploit this vulnerability. This is because the traffic that is sent through the device must be a BFD session. An attacker would need to establish a BFD session with an affected device. The BFD session must be of type 10 or type 9. The BFD session must have a BFD session limit of 1 or 0, respectively. The BFD session must have a BFD session direction of bidirectional or unidirectional, respectively. The BFD session must have a BFD session priority of 0 or 1, respectively. Once these steps have been completed, the attacker would need to send a crafted stream of traffic through the device. A successful exploit could allow the attacker to cause packets (BFD sessions) to be dropped, resulting in denial-of-service conditions for all devices connected to the same network segment as the vulnerable medical devices and for any other devices within range of those medical devices during that time frame, which could result in loss of patient care and death

Vulnerable Device Brands and Models

-  The following vulnerable devices are known to be affected by this vulnerability:
-   Huawei USG -  Huawei USG10, Huawei USG20, and Huawei USG30.
-
- The following vulnerable devices are believed to be affected by this vulnerability:
-   Cisco ASR 1000 Series Routers -  Cisco ASR 1000 Series Routers that are running 12.4(1)I3, 12.4(1)I5, or 12.4(2)XE software versions.
-
- The following vulnerable devices are considered likely to be affected by this vulnerability:
-    Alcatel Lucent 3PC FIPS/PNP/ESP Inspection Suite - Alcatel Lucent 3PC FIPS/PNP/ESP Inspection Suite that is running an operating system of 7.0 or later on the following device models: PSS 2BXL, PSD 5A2X and PSS 5A2X.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe