CVE-2023-41376 in Service Router Operating System
Summary
by MITRE • 08/29/2023
Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when error-handling update-fault-tolerance is not enabled, mishandle BGP path attributes.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 02/01/2026
The vulnerability identified as CVE-2023-41376 affects Nokia Service Router Operating System version 22.10 and SR Linux platforms where error-handling update-fault-tolerance mechanisms are not properly configured. This weakness manifests in the improper handling of BGP path attributes during error conditions, creating potential security and operational risks within network infrastructure deployments. The issue stems from insufficient validation and processing of BGP path attributes when system error conditions occur, particularly in environments where fault tolerance mechanisms are disabled.
BGP path attributes represent critical information exchanged between routing peers that determine the optimal path for data transmission across networks. When these attributes are mishandled during error scenarios, the affected systems may exhibit unpredictable behavior including potential crashes, memory corruption, or incorrect routing decisions. The vulnerability specifically impacts the error-handling pathways within the BGP implementation, where the system fails to properly process path attributes when fault conditions are encountered. This flaw operates at the network protocol processing layer and can affect the stability and reliability of routing operations in enterprise and service provider networks.
The operational impact of this vulnerability extends beyond simple service disruption to potentially compromise network integrity and availability. Attackers could exploit this weakness to cause denial of service conditions by crafting malicious BGP updates that trigger the faulty error-handling code paths. When update-fault-tolerance is disabled, the system lacks the protective mechanisms that would normally prevent cascading failures or memory corruption during error conditions. This creates an environment where a single malformed BGP attribute could cause system instability, requiring manual intervention and potentially leading to extended network outages. The vulnerability affects critical network infrastructure components that form the backbone of internet connectivity and enterprise communications.
Mitigation strategies should focus on enabling and properly configuring fault tolerance mechanisms within the Nokia SR OS and SR Linux platforms. Network administrators must ensure that update-fault-tolerance is enabled and properly tuned to handle error conditions gracefully. The recommended approach includes implementing comprehensive monitoring for BGP error conditions and establishing automated response procedures when fault tolerance mechanisms are triggered. Organizations should also consider implementing network segmentation and access controls to limit exposure to potentially malicious BGP updates. Additionally, regular security assessments and vulnerability scanning should be conducted to identify systems running without proper fault tolerance configurations. The vulnerability aligns with CWE-248, which addresses the improper handling of exceptions or errors in software implementations. From an ATT&CK framework perspective, this vulnerability could be leveraged in initial access and persistence phases where adversaries seek to disrupt network operations and establish footholds within target environments through routing protocol manipulation.