Shajaneshwar Vulnerabilities CERT and SANS Assignment
SANS
Description
UEFI firmware provides an extensible interface between an operating system and the
hardware platform. UEFI software stores a number of settings and files in a
dedicated Extensible Firmware Interface (EFI) partition known as the EFI system
partition (ESP). The ESP is a special privileged file system that is independent of the
OS and essentially acts as the storage place for the UEFI boot loaders,
applications, hardware drivers and customizable settings to be launched by the UEFI
firmware. The ESP partition is mandatory for UEFI boot and is protected from
unprivileged access. The information stored in the ESP is probed and processed during
the early boot phases of a UEFI-based OS. One such item stored in the ESP is a
customizable boot logo.
This is undesirable because a session reset impacts not only routes with the BGP
UPDATE but also the other valid routes exchanged over the session (RFC 7606).
Introduction
Description
The Border Gateway Protocol (BGP, RFC 4271) is a widely used inter-Autonomous
System routing protocol. BGP communication among peer routers is critical to the
stable operation of the Internet. A number of known BGP security issues were
addressed in RFC 7606, Revised Error Handling for BGP UPDATE Messages, in 2015.
Recent reports indicate that multiple BGP implementations do not properly handle
specially crafted Path Attributes in the BGP UPDATE messages. An attacker with a
valid, configured BGP session could inject a specially crafted packet into an
existing BGP session or the underlying TCP session (179/tcp). A vulnerable BGP
implementation could drop sessions when processing crafted UPDATE messages. A
persistent attack could lead to routing instability (route flapping).
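The difference between the pre-RFC 7606 behaviour (a malformed Path Attribute triggers a NOTIFICATION and the session is torn down) and the revised "treat-as-withdraw" behaviour is easy to see in a small parser. The code below is an added illustration, not code from any of the affected vendors or from CERT/CC; the attribute bytes are constructed samples, and the `revised_error_handling` switch is a hypothetical knob standing in for the vendor settings the advisory refers to.

```python
"""Per-attribute error handling for BGP UPDATE Path Attributes (RFC 4271 / RFC 7606)."""
import struct

EXT_LEN = 0x10  # attribute flag bit: the length field is 2 bytes instead of 1

SESSION_RESET = "session-reset"          # RFC 4271: send NOTIFICATION, drop the peer
TREAT_AS_WITHDRAW = "treat-as-withdraw"  # RFC 7606: withdraw affected routes, keep the session
ACCEPT = "accept"


class MalformedAttribute(ValueError):
    """Raised when a declared attribute length does not fit the remaining data."""


def parse_path_attributes(data: bytes) -> list[tuple[int, int, bytes]]:
    """Walk the Path Attributes field and return (flags, type_code, value) tuples."""
    attrs, off = [], 0
    while off < len(data):
        if off + 3 > len(data):
            raise MalformedAttribute("truncated attribute header")
        flags, type_code = data[off], data[off + 1]
        off += 2
        if flags & EXT_LEN:
            if off + 2 > len(data):
                raise MalformedAttribute("truncated extended length field")
            (length,) = struct.unpack_from("!H", data, off)
            off += 2
        else:
            length = data[off]
            off += 1
        if off + length > len(data):  # the check a vulnerable implementation gets wrong
            raise MalformedAttribute(f"type {type_code}: length {length} exceeds field")
        attrs.append((flags, type_code, data[off:off + length]))
        off += length
    return attrs


def handle_update(data: bytes, revised_error_handling: bool) -> str:
    """Decide what the receiving router does with the UPDATE's Path Attributes."""
    try:
        parse_path_attributes(data)
    except MalformedAttribute:
        return TREAT_AS_WITHDRAW if revised_error_handling else SESSION_RESET
    return ACCEPT


# Constructed samples (not captured traffic): a well-formed ORIGIN attribute and
# one whose declared length (9) runs past the single value byte that follows it.
VALID = bytes([0x40, 0x01, 0x01, 0x00])
OVERLONG = bytes([0x40, 0x01, 0x09, 0x00])
```

With `revised_error_handling=False` the overlong sample resets the session, which is the route-flapping outcome the advisory describes; with it enabled only the routes carried in that UPDATE are withdrawn.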
This vulnerability was first announced as affecting OpenBSD based routers. Further
investigation indicates that other vendors are affected by the same or similar
issues. Please see the Systems Affected section below. Here are the CVE IDs that
were reserved by the reporter for different vendors that were tested:
CVE-2023-4481 (Juniper)
CVE-2023-38802 (FRR)
CVE-2023-38283 (OpenBGPd)
CVE-2023-40457 (EXOS)
Impact
A remote attacker could publish a BGP UPDATE with a crafted set of Path Attributes,
causing vulnerable routers to de-peer from any link over which such an update was
received. Unaffected routers might also pass the crafted updates across the
network, potentially leading to the update arriving at an affected router from
multiple sources and causing multiple links to fail.
Solution
The CERT/CC is currently unaware of a practical solution for every vendor, but some
vendors allow you to change the response to errors in BGP path updates.
Networks using appliances from Juniper and Nokia can mitigate this behavior by
enabling:
Description
CVE-2023-4498 is an authentication bypass vulnerability that enables an
unauthenticated attacker who has access to the web console, either locally or
remotely, to access resources that would normally be protected. The attacker can
construct a web request that includes a white-listed keyword in the path, causing
the URL to be served directly (rather than blocked or challenged with an
authentication prompt).
Impact
Successful exploitation of this vulnerability could grant the attacker access to
pages that would otherwise require authentication. An unauthenticated attacker
could thereby gain access to sensitive information, such as the Administrative
password, which could be used to launch additional attacks.
Solution
There is no known solution to the vulnerability. Always update your router to the
latest available firmware version. Disabling both the remote (WAN-side)
administration services and the web interface on the WAN on any SoHo router is also
recommended.
Buffer errors are common in software that performs operations on a memory
buffer. Due to absent or improper validation of input data, an attacker might be
able to read or write data outside the intended buffer. This weakness is often
referred to as memory corruption. Certain languages allow direct memory addressing
and do not automatically ensure that the addressed locations are valid for the buffer
being referenced. As a result, read and write operations might be performed
on memory locations associated with another buffer, variables, data structures,
etc.