BGP is the backbone protocol and the internet’s “glue,” which directs the routing decisions between ISP networks to hold the internet under a set.
In short, this protocol, BGP, is completely an essential element necessary for the internet’s proper functionality.
Edge device software implementing BGP isn’t perfect, with both commercial and open-source versions showing issues in this crucial routing protocol.
While many flaws are minor and related to routing issues, a concerning BGP bug can propagate like a computer worm.
The owner of BGP[.]Tools, Ben Cartwright-Cox found this flaw; It’s a company that offers BGP monitoring services for issue detection and resolution.
Mistaken Attribute
A small Brazilian network reannounced a route with a corrupted attribute on June 2, 2023, potentially affecting the intermediate routers.
Many routers ignored the attribute, but Juniper routers understood, and the error response shut BGP sessions, impacting internet connectivity for distant networks.
Besides this, the BGP errors suspend the session, pausing customer traffic until auto-restart is done, which usually takes seconds to minutes.
This affected multiple carriers, like COLT, whose outage brought attention to the issue.
BGP Error Handling Flaw
Each route attribute begins with flags, including the crucial ‘transitive bit’:-
If an attribute’s transitive bit is set and a router doesn’t understand it, it copies to another router, potentially causing blind propagation of unknown information.
BGP shutdowns disrupt traffic and can propagate like a worm. While the attributes unknown to one implementation might cause another to shut down, the crafted BGP UPDATE could target a vendor and pull a network offline.
This attack remains, as the malicious route stays in the peer router; even after a restart, it triggers another reset when transmitted which leads to prolonged outages.
Moreover, to test whether various BGP implementations are impacted or not, the security analyst developed a basic fuzzer.
Unimpacted Vendors
Here below, we have mentioned all the vendors that have not been impacted:-
MikroTik RouterOS 7+
Ubiquiti EdgeOS
Arista EOS
Huawei NE40
Cisco IOS-XE / “Classic” / XR
Bird 1.6, All versions of Bird 2.0
GoBGP
Impacted vendors
Here below, we have mentioned all the impacted vendors:-
Juniper Networks Junos OS
Nokia’s SR-OS
Extreme Networks’ EXOS
OpenBSD’s OpenBGPd
OpenBSD’s FRRouting
Reporting & Responses
These findings were reported to all the impacted vendors by Cartwright-Cox. After being notified, the following responses were observed from the impacted vendors:-
OpenBSD issued a patch
Juniper assigned CVEs
FRR also assigned CVEs
Nokia hasn’t addressed the problem
Extreme also hasn’t addressed the problem
Apart from this, despite the vendor silence, organizations can take mitigatory steps to prevent potential exploitation.