Unrated severity · NVD Advisory · Published Aug 29, 2023 · Updated Oct 2, 2024

CVE-2023-41376

Description

Nokia SR OS 22.10 and SR Linux mishandle BGP path attributes when error-handling update-fault-tolerance is disabled, enabling DoS via malformed BGP updates.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Nokia Service Router Operating System (SR OS) version 22.10 and SR Linux mishandle BGP path attributes when the error-handling update-fault-tolerance feature is not enabled [1]. This improper handling occurs during the processing of malformed or corrupted BGP path attributes, which can lead to unintended behaviour.

Exploitation

An attacker who is a BGP peer can send a crafted BGP UPDATE message containing a malformed path attribute to a vulnerable Nokia router [1]. The router, lacking the protective update-fault-tolerance configuration, will mishandle the attribute. No additional authentication or user interaction is required beyond establishing a BGP session, which typically relies on TCP and optional MD5 or TCP-AO authentication. The attacker must be able to inject the malicious update into the BGP session.

Impact

Successful exploitation can cause the affected BGP session to reset or behave unpredictably [1], resulting in a denial of service (DoS) for routes learned via that session. This can lead to route flapping, network instability, and potential loss of connectivity. The impact is primarily on availability, but integrity of routing information may also be affected if the mishandling leads to incorrect route propagation.

Mitigation

The vulnerability is mitigated by enabling the error-handling update-fault-tolerance configuration on the router [1]. As of the publication date (2023-08-29), no software patch has been released; the workaround is to adjust the configuration. The affected versions are SR OS 22.10 and SR Linux; users of these versions should ensure the feature is enabled in their BGP configuration.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

3
