The same week, CISA tagged a remote command execution security flaw impacting Cisco RV016, RV042, RV042G, RV082, RV320, and RV325 VPN routers as actively exploited in attacks and ordered U.S. federal agencies to secure any vulnerable devices by March 23. The company's Product Security Incident Response Team (PSIRT) found no evidence that this vulnerability has been exploited in the wild, but Cisco says a write-up published in September on APNIC's blog provides additional CVE-2025-20115 technical details. "This vulnerability is due to a memory corruption that occurs when a BGP update is created with an AS_CONFED_SEQUENCE attribute that has 255 autonomous system numbers (AS numbers)," the company explains in a security advisory issued this week. Cisco has patched a denial of service (DoS) vulnerability that lets attackers crash the Border Gateway Protocol (BGP) process on IOS XR routers with a single BGP update message. "Cisco continues to strongly recommend that customers upgrade their hardware to Meraki or Cisco 1000 Series Integrated Services Routers to remediate these vulnerabilities," the company urged in an advisory updated days after CISA's order was issued. To exploit the CVE-2025-20115 vulnerability, "the network must be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more," or the attackers must have control of a BGP confederation speaker within the same autonomous system as the targeted device(s). This high-severity flaw (tracked as CVE-2025-20115) was found in the confederation implementation for the Border Gateway Protocol (BGP), and it only affects Cisco IOS XR devices if BGP confederation is configured. Successful exploitation allows unauthenticated attackers to take down vulnerable devices remotely in low-complexity attacks by causing memory corruption via buffer overflow, leading to a BGP process restart. Earlier this month, Cisco warned customers of a vulnerability in Webex for BroadWorks that can let unauthenticated attackers access credentials remotely. IOS XR runs on the company's carrier-grade, Network Convergence System (NCS), and Carrier Routing System (CRS) series of routers, such as the ASR 9000, NCS 5500, and 8000 series. Those who can't immediately apply the security patches released earlier this week are advised to restrict the BGP AS_CONFED_SEQUENCE attribute to 254 or fewer AS numbers to limit potential attacks' impact. "While this workaround has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions," Cisco said.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 14 Mar 2025 16:45:15 +0000