CVE-2009-2055

Warnung

EPSS 1.67%
Veröffentlicht 19.08.2009 17:30:01
Zuletzt bearbeitet 22.10.2025 01:15:34
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Ios Xr Version3.4

Cisco ≫ Ios Xr Version3.4.0

Cisco ≫ Ios Xr Version3.4.1

Cisco ≫ Ios Xr Version3.4.2

Cisco ≫ Ios Xr Version3.4.3

Cisco ≫ Ios Xr Version3.5

Cisco ≫ Ios Xr Version3.5.2

Cisco ≫ Ios Xr Version3.5.3

Cisco ≫ Ios Xr Version3.5.4

Cisco ≫ Ios Xr Version3.6.0

Cisco ≫ Ios Xr Version3.6.1

Cisco ≫ Ios Xr Version3.6.2

Cisco ≫ Ios Xr Version3.6.3

Cisco ≫ Ios Xr Version3.7.0

Cisco ≫ Ios Xr Version3.7.1

Cisco ≫ Ios Xr Version3.7.2

Cisco ≫ Ios Xr Version3.7.3

Cisco ≫ Ios Xr Version3.8.0

Cisco ≫ Ios Xr Version3.8.1

25.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability

Schwachstelle

Cisco IOS XR,when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.67%	0.814

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://mailman.nanog.org/pipermail/nanog/2009-August/012719.html

Mailing List

http://securitytracker.com/id?1022739

Broken Link

http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml

Patch

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-2055

https://nvd.nist.gov/vuln/detail/CVE-2009-2055

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2055

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2055

EUVD