A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of a specific RPKI to Router (RTR) Protocol packet header. An attacker could exploit this vulnerability by compromising the RPKI validator server and sending a specifically crafted RTR packet to an affected device. Alternatively, the attacker could use man-in-the-middle techniques to impersonate the RPKI validator server and send a crafted RTR response packet over the established RTR TCP connection to the affected device. A successful exploit could allow the attacker to cause a DoS condition because the BGP process could constantly restart and BGP routing could become unstable.
Metrics
No CVSS v4.0
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
Scope: Changed
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
User Interaction: None
No CVSS v3.0
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Complete
AV:N/AC:M/Au:N/C:N/I:N/A:C
This CVE is not in the KEV list.
Exploitation: none
Automatable: no
Technical Impact: partial
Affected Vendors & Products
Vendors | Products |
---|---|
Cisco | |
History
Wed, 06 Nov 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2022-04-15T14:15:56.231838Z
Updated: 2024-11-06T16:26:43.253Z
Reserved: 2021-11-02T00:00:00
Link: CVE-2022-20694
Vulnrichment
Updated: 2024-08-03T02:24:48.558Z
NVD
Status: Modified
Published: 2022-04-15T15:15:12.870
Modified: 2023-11-07T03:42:38.697
Link: CVE-2022-20694
Redhat
No data.