CVE-2025-20115
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
A vulnerability in confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
This vulnerability is due to a memory corruption that occurs when a BGP update is created with an AS_CONFED_SEQUENCE attribute that has 255 autonomous system numbers (AS numbers). An attacker could exploit this vulnerability by sending a crafted BGP update message, or the network could be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more. A successful exploit could allow the attacker to cause memory corruption, which may cause the BGP process to restart, resulting in a DoS condition. To exploit this vulnerability, an attacker must control a BGP confederation speaker within the same autonomous system as the victim, or the network must be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco IOS XR Software | 6.5.3 | affected |
| Cisco | Cisco IOS XR Software | 6.5.29 | affected |
| Cisco | Cisco IOS XR Software | 6.5.1 | affected |
| Cisco | Cisco IOS XR Software | 6.6.1 | affected |
| Cisco | Cisco IOS XR Software | 6.5.2 | affected |
| Cisco | Cisco IOS XR Software | 6.5.92 | affected |
| Cisco | Cisco IOS XR Software | 6.5.15 | affected |
| Cisco | Cisco IOS XR Software | 6.6.2 | affected |
| Cisco | Cisco IOS XR Software | 7.0.1 | affected |
| Cisco | Cisco IOS XR Software | 6.6.25 | affected |
| Cisco | Cisco IOS XR Software | 6.5.26 | affected |
| Cisco | Cisco IOS XR Software | 6.6.11 | affected |
| Cisco | Cisco IOS XR Software | 6.5.25 | affected |
| Cisco | Cisco IOS XR Software | 6.5.28 | affected |
| Cisco | Cisco IOS XR Software | 6.5.93 | affected |
| Cisco | Cisco IOS XR Software | 6.6.12 | affected |
| Cisco | Cisco IOS XR Software | 6.5.90 | affected |
| Cisco | Cisco IOS XR Software | 7.0.0 | affected |
| Cisco | Cisco IOS XR Software | 7.1.1 | affected |
| Cisco | Cisco IOS XR Software | 7.0.90 | affected |
| Cisco | Cisco IOS XR Software | 6.6.3 | affected |
| Cisco | Cisco IOS XR Software | 6.7.1 | affected |
| Cisco | Cisco IOS XR Software | 7.0.2 | affected |
| Cisco | Cisco IOS XR Software | 7.1.15 | affected |
| Cisco | Cisco IOS XR Software | 7.2.0 | affected |
| Cisco | Cisco IOS XR Software | 7.2.1 | affected |
| Cisco | Cisco IOS XR Software | 7.1.2 | affected |
| Cisco | Cisco IOS XR Software | 6.7.2 | affected |
| Cisco | Cisco IOS XR Software | 7.0.11 | affected |
| Cisco | Cisco IOS XR Software | 7.0.12 | affected |
| Cisco | Cisco IOS XR Software | 7.0.14 | affected |
| Cisco | Cisco IOS XR Software | 7.1.25 | affected |
| Cisco | Cisco IOS XR Software | 6.6.4 | affected |
| Cisco | Cisco IOS XR Software | 7.2.12 | affected |
| Cisco | Cisco IOS XR Software | 7.3.1 | affected |
| Cisco | Cisco IOS XR Software | 7.1.3 | affected |
| Cisco | Cisco IOS XR Software | 6.7.3 | affected |
| Cisco | Cisco IOS XR Software | 7.4.1 | affected |
| Cisco | Cisco IOS XR Software | 7.2.2 | affected |
| Cisco | Cisco IOS XR Software | 6.7.4 | affected |
| Cisco | Cisco IOS XR Software | 6.5.31 | affected |
| Cisco | Cisco IOS XR Software | 7.3.15 | affected |
| Cisco | Cisco IOS XR Software | 7.3.16 | affected |
| Cisco | Cisco IOS XR Software | 6.8.1 | affected |
| Cisco | Cisco IOS XR Software | 7.4.15 | affected |
| Cisco | Cisco IOS XR Software | 6.5.32 | affected |
| Cisco | Cisco IOS XR Software | 7.3.2 | affected |
| Cisco | Cisco IOS XR Software | 7.5.1 | affected |
| Cisco | Cisco IOS XR Software | 7.4.16 | affected |
| Cisco | Cisco IOS XR Software | 7.3.27 | affected |
| Cisco | Cisco IOS XR Software | 7.6.1 | affected |
| Cisco | Cisco IOS XR Software | 7.5.2 | affected |
| Cisco | Cisco IOS XR Software | 7.8.1 | affected |
| Cisco | Cisco IOS XR Software | 7.6.15 | affected |
| Cisco | Cisco IOS XR Software | 7.5.12 | affected |
| Cisco | Cisco IOS XR Software | 7.8.12 | affected |
| Cisco | Cisco IOS XR Software | 7.3.3 | affected |
| Cisco | Cisco IOS XR Software | 7.7.1 | affected |
| Cisco | Cisco IOS XR Software | 6.8.2 | affected |
| Cisco | Cisco IOS XR Software | 7.3.4 | affected |
| Cisco | Cisco IOS XR Software | 7.4.2 | affected |
| Cisco | Cisco IOS XR Software | 6.7.35 | affected |
| Cisco | Cisco IOS XR Software | 6.9.1 | affected |
| Cisco | Cisco IOS XR Software | 7.6.2 | affected |
| Cisco | Cisco IOS XR Software | 7.5.3 | affected |
| Cisco | Cisco IOS XR Software | 7.7.2 | affected |
| Cisco | Cisco IOS XR Software | 6.9.2 | affected |
| Cisco | Cisco IOS XR Software | 7.9.1 | affected |
| Cisco | Cisco IOS XR Software | 7.10.1 | affected |
| Cisco | Cisco IOS XR Software | 7.8.2 | affected |
| Cisco | Cisco IOS XR Software | 7.5.4 | affected |
| Cisco | Cisco IOS XR Software | 6.5.33 | affected |
| Cisco | Cisco IOS XR Software | 7.8.22 | affected |
| Cisco | Cisco IOS XR Software | 7.7.21 | affected |
| Cisco | Cisco IOS XR Software | 7.9.2 | affected |
| Cisco | Cisco IOS XR Software | 7.3.5 | affected |
| Cisco | Cisco IOS XR Software | 7.5.5 | affected |
| Cisco | Cisco IOS XR Software | 7.11.1 | affected |
| Cisco | Cisco IOS XR Software | 7.9.21 | affected |
| Cisco | Cisco IOS XR Software | 7.10.2 | affected |
| Cisco | Cisco IOS XR Software | 24.1.1 | affected |
| Cisco | Cisco IOS XR Software | 7.6.3 | affected |
| Cisco | Cisco IOS XR Software | 7.3.6 | affected |
| Cisco | Cisco IOS XR Software | 7.5.52 | affected |
| Cisco | Cisco IOS XR Software | 7.11.2 | affected |
| Cisco | Cisco IOS XR Software | 24.2.1 | affected |
| Cisco | Cisco IOS XR Software | 24.1.2 | affected |
| Cisco | Cisco IOS XR Software | 24.2.11 | affected |
| Cisco | Cisco IOS XR Software | 24.2.2 | affected |
| Cisco | Cisco IOS XR Software | 7.8.23 | affected |
| Cisco | Cisco IOS XR Software | 7.11.21 | affected |
| Cisco | Cisco IOS XR Software | 24.2.20 | affected |
| Cisco | Cisco IOS XR Software | 6.5.35 | affected |
Weaknesses
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bgp-dos-O7stePhX
- https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.