7.5

CVE-2010-3035

Warnung
Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoIos Xr Version >= 3.4.0 <= 3.9.1

25.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability

Schwachstelle

Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.56% 0.919
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html
Mailing List
http://osvdb.org/67696
Broken Link
http://secunia.com/advisories/41190
Broken Link
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml
Vendor Advisory
Broken Link
http://www.securitytracker.com/id?1024371
Third Party Advisory
Broken Link
VDB Entry
http://www.vupen.com/english/advisories/2010/2227
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/61443
Vendor Advisory
VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3035
US Government Resource