PT-2022-2276 · Cisco · Cisco IOS XR
Published: 2022-04-13 · Updated: 2022-05-16 · CVE-2022-20758
CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Cisco IOS XR Software (affected versions not specified)
Description
A vulnerability in the implementation of the Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This is due to the incorrect processing of a BGP update message that contains specific EVPN attributes. An attacker could exploit this vulnerability by sending a BGP update message with specific EVPN attributes. The attacker must control a BGP speaker with an established trusted peer connection to an affected device configured with the address family L2VPN EVPN. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition.
Recommendations
To resolve this issue, update to a version of Cisco IOS XR Software that includes the fix for this vulnerability.
As a temporary mitigation, consider limiting which peers can send the affected device BGP update messages carrying EVPN attributes, to minimize the risk of exploitation.
Restrict access to the BGP network to only explicitly defined peers.
Avoid using the L2VPN EVPN address family until the issue is resolved.
Note that there are no workarounds that address this vulnerability.
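The exposure condition in the description (a BGP peer activated for the L2VPN EVPN address family) can be checked against a saved running configuration. The following is an added example, not part of the original advisory or any Cisco tooling; the sample configuration, AS numbers and addresses are constructed, and inheritance through af-groups or nested neighbor-groups is not resolved.

```python
import re

# Constructed IOS XR running-config excerpt (documentation addresses, not from the advisory).
SAMPLE_CONFIG = """\
router bgp 65000
 address-family l2vpn evpn
 !
 neighbor-group RR-CLIENTS
  remote-as 65000
  address-family l2vpn evpn
  !
 !
 neighbor 192.0.2.1
  remote-as 65001
  address-family ipv4 unicast
  !
 !
 neighbor 192.0.2.2
  remote-as 65002
  address-family l2vpn evpn
  !
 !
 neighbor 192.0.2.3
  use neighbor-group RR-CLIENTS
 !
!
"""

BLOCK = re.compile(r"^(\s*)(neighbor|neighbor-group)\s+(\S+)\s*$")

def evpn_peers(config: str) -> list[str]:
    """Neighbors with address-family l2vpn evpn, set directly or via a neighbor-group."""
    blocks, cur, depth = [], None, 0      # block = [kind, name, has_evpn, used_group]
    for line in config.splitlines():
        indent = len(line) - len(line.lstrip())
        m = BLOCK.match(line)
        if m:                             # start of a neighbor / neighbor-group block
            cur, depth = [m.group(2), m.group(3), False, None], indent
            blocks.append(cur)
        elif cur is not None and indent > depth:   # sub-command of the open block
            body = line.strip()
            if body == "address-family l2vpn evpn":
                cur[2] = True
            elif body.startswith("use neighbor-group "):
                cur[3] = body.split()[2]
        elif line.strip():                # non-blank line at or above block indent closes it
            cur = None
    groups = {n for k, n, evpn, _ in blocks if k == "neighbor-group" and evpn}
    return [n for k, n, evpn, used in blocks
            if k == "neighbor" and (evpn or used in groups)]

if __name__ == "__main__":
    print(evpn_peers(SAMPLE_CONFIG))
```

Each peer returned is a BGP speaker that could deliver EVPN attributes to the device, so the list is the set to review when restricting peering to explicitly defined, trusted neighbors.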
Fix
DoS
Weakness Enumeration
Related Identifiers
Affected Products
Cisco IOS XR