4.3

CVE-2009-2055

Warnung

Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoIos Xr Version3.4
CiscoIos Xr Version3.4.0
CiscoIos Xr Version3.4.1
CiscoIos Xr Version3.4.2
CiscoIos Xr Version3.4.3
CiscoIos Xr Version3.5
CiscoIos Xr Version3.5.2
CiscoIos Xr Version3.5.3
CiscoIos Xr Version3.5.4
CiscoIos Xr Version3.6.0
CiscoIos Xr Version3.6.1
CiscoIos Xr Version3.6.2
CiscoIos Xr Version3.6.3
CiscoIos Xr Version3.7.0
CiscoIos Xr Version3.7.1
CiscoIos Xr Version3.7.2
CiscoIos Xr Version3.7.3
CiscoIos Xr Version3.8.0
CiscoIos Xr Version3.8.1

25.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability

Schwachstelle

Cisco IOS XR,when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.24% 0.775
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.