A newly discovered vulnerability, CVE-2022-20849, has been found in the Broadband Network Gateway (BNG) PPP over Ethernet (PPPoE) feature of Cisco IOS XR Software. It could allow an unauthenticated, adjacent attacker to cause the PPPoE process to crash repeatedly, resulting in a denial of service (DoS) condition. The vulnerability occurs when the PPPoE feature fails to handle an error condition within a specific crafted packet sequence.
Exploit Details
This vulnerability is caused by the PPPoE feature's inability to handle and process certain packet sequences properly. To exploit the vulnerability, an attacker would need to send a series of specific PPPoE packets from controlled customer premises equipment (CPE).
Below is an example of a crafted packet sequence that could trigger the vulnerability:
1. PPPoE Active Discovery Initiation (PADI) packet
2. PPPoE Active Discovery Offer (PADO) packet
3. PPPoE Active Discovery Request (PADR) packet
4. Erroneous PPPoE Active Discovery Session (PADS) packet
Upon receiving this sequence, the PPPoE process may not handle the error condition correctly, causing it to crash. The process then restarts and remains vulnerable to the same crafted packet sequence, leading to a continuous denial of service (DoS) condition.
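For monitoring the subscriber-facing side of a BNG, the following added example (not Cisco's code and not part of the original advisory) parses PPPoE discovery frames per RFC 2516 and reports, per source MAC, malformed headers and access-concentrator-only messages (PADO, PADS) arriving from CPE. It does not reproduce the trigger, since the page does not say what makes the PADS erroneous; the function names and the sample frames are constructed for illustration.

```python
import struct
from collections import defaultdict

ETH_P_PPPOE_DISC = 0x8863  # EtherType of the PPPoE discovery stage (RFC 2516)
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
SERVER_ONLY = {"PADO", "PADS"}  # RFC 2516: sent by the access concentrator

def parse_discovery(frame: bytes):
    """Return (src_mac, code_name, session_id); None if not PPPoE discovery."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETH_P_PPPOE_DISC:
        return None
    if len(frame) < 20:
        raise ValueError("truncated PPPoE header")
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if ver_type != 0x11:
        raise ValueError("unexpected version/type")
    if code not in CODES:
        raise ValueError(f"unknown code {code:#04x}")
    if length > len(frame) - 20:
        raise ValueError("length field exceeds frame")
    return frame[6:12].hex(":"), CODES[code], session_id

def audit_subscriber_side(frames):
    """Map source MAC -> anomalies in frames captured on a subscriber-facing port."""
    findings = defaultdict(list)
    for frame in frames:
        src = frame[6:12].hex(":") if len(frame) >= 12 else "unknown"
        try:
            parsed = parse_discovery(frame)
        except ValueError as exc:
            findings[src].append(f"malformed: {exc}")
            continue
        if parsed and parsed[1] in SERVER_ONLY:
            findings[src].append(f"{parsed[1]} received from subscriber side")
    return dict(findings)

# Constructed sample frames (locally administered MACs), not from a real capture.
# Layout: dst MAC, src MAC, EtherType, ver/type + code, session id, length, tags.
SAMPLE_FRAMES = [bytes.fromhex(h) for h in (
    "ffffffffffff" "020000000001" "8863" "1109" "0000" "0004" "01010000",  # PADI
    "0200000000fe" "020000000001" "8863" "1119" "0000" "0004" "01010000",  # PADR
    "0200000000fe" "020000000002" "8863" "1165" "0001" "0004" "01010000",  # PADS from CPE
    "0200000000fe" "020000000002" "8863" "1119" "0000" "0040" "01010000",  # bad length
)]

if __name__ == "__main__":
    for mac, notes in audit_subscriber_side(SAMPLE_FRAMES).items():
        print(mac, notes)
```

Repeated findings from one MAC that coincide with PPPoE process restarts on the BNG are the pattern worth alerting on.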
Affected Software and Systems
Cisco IOS XR Software running the BNG PPPoE feature is affected by this vulnerability. For a detailed list of affected software versions, refer to the Cisco IOS XR Software Security Advisory Bundled Publication.
Official References
Cisco has acknowledged the vulnerability in their security advisory and has included it in their September 2022 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For more information and a complete list of related advisories, refer to the following link:
September 2022 Cisco IOS XR Software Security Advisory Bundled Publication
Mitigation and Solutions
Cisco has released software updates to address this vulnerability. Users are advised to apply the necessary updates as soon as possible. There are currently no workarounds that address this vulnerability.
Conclusion
CVE-2022-20849 is a critical vulnerability in Cisco IOS XR's BNG PPPoE feature that could result in severe denial of service conditions by causing the PPPoE process to crash repeatedly. Users of affected systems should be aware of the vulnerability and apply the software updates provided by Cisco to safeguard their networks and devices.
Timeline
Published on: 11/15/2024 15:31:20 UTC