Endpoint/Device Security

Novel BGP bugs in FRRouting could prompt DoS issues

Vulnerable Border Gateway Protocol peers could be impacted with a denial-of-service condition through the exploitation of three vulnerabilities in the widely used FRRouting internet routing protocol software, The Hacker News reports. Threat actors could leverage the BGP message parsing vulnerabilities impacting version 8.4 of FRRouting, tracked as CVE-2022-40302, CVE-2022-40318, and CVE-2022-43681, to facilitate BGP session and routing table disruptions, resulting in an unresponsive peer, a report from Forescout revealed. "The DoS condition may be prolonged indefinitely by repeatedly sending malformed packets. The main root cause is the same vulnerable code pattern copied into several functions related to different stages of parsing OPEN messages," said Forescout. The vulnerabilities should prompt immediate and continuous patching of network infrastructure devices amid persistent attacks aimed at modern BGP implementations, according to Forescout. Such findings follow ESET's discovery of sensitive data in old routers that are being resold in the secondhand market.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.