4.3

CVE-2009-2055

Warning

Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.

Data is provided by the National Vulnerability Database (NVD)
CiscoIos Xr Version3.4
CiscoIos Xr Version3.4.0
CiscoIos Xr Version3.4.1
CiscoIos Xr Version3.4.2
CiscoIos Xr Version3.4.3
CiscoIos Xr Version3.5
CiscoIos Xr Version3.5.2
CiscoIos Xr Version3.5.3
CiscoIos Xr Version3.5.4
CiscoIos Xr Version3.6.0
CiscoIos Xr Version3.6.1
CiscoIos Xr Version3.6.2
CiscoIos Xr Version3.6.3
CiscoIos Xr Version3.7.0
CiscoIos Xr Version3.7.1
CiscoIos Xr Version3.7.2
CiscoIos Xr Version3.7.3
CiscoIos Xr Version3.8.0
CiscoIos Xr Version3.8.1

25.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability

Vulnerability

Cisco IOS XR,when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).

Description

Apply updates per vendor instructions.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.24% 0.775
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.