CVE-2009-2055

Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid...

Basic Information

CVE State: PUBLISHED
Reserved Date: June 12, 2009
Published Date: August 19, 2009
Last Updated: November 15, 2024
Vendor: Cisco
Product: IOS XR
Description: Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.
Tags

CVSS Scores

CVSS v2.0

4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

SSVC Information

Exploitation: active
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (2022-03-25 00:00:00 UTC) Source

References

http://mailman.nanog.org/pipermail/nanog/2009-August/012719.html http://securitytracker.com/id?1022739 http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml

Known Exploited Vulnerability Information

Source	Added Date
CISA	2022-03-25 00:00:00 UTC

Timeline

CVE ID Reserved

June 12, 2009
CVE Published to Public

August 19, 2009
Added to KEVIntel

March 25, 2022