CVE-2020-3449

Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software (affected versions not specified)

Description: The issue is related to the Border Gateway Protocol (BGP) additional paths feature of Cisco IOS XR Software. It is caused by an incorrect calculation of lexicographical order when displaying additional path information, leading to an infinite loop. An unauthenticated, remote attacker could exploit this by sending a specific BGP update from a BGP neighbor peer session of an affected device. The vulnerability can be triggered when an authorized user issues a show bgp command, allowing the attacker to prevent authorized users from monitoring the BGP status and causing the BGP process to stop processing new updates. This results in a denial of service condition and outdated information in the routing and forwarding tables.

Recommendations: For Cisco IOS XR Software, update to a version that includes the fix for this issue, as software updates have been released by Cisco to address this vulnerability. As a temporary workaround, consider restricting access to the BGP neighbor peer session to minimize the risk of exploitation. Avoid using the show bgp command on affected devices until the issue is resolved.