KEVIntel
Back to KEVs
5.9
CVSS
Medium

CVE-2009-2055

PUBLISHED

Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid...

Exploited in the wild Remote No user interaction
Vendor
Cisco
Product
IOS XR
Published
Aug 19, 2009
EPSS

Description

Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.

ios cisa edge

CVSS scores

CVSS v3.1 5.9 Medium

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2.0 4.3

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitation status

Exploited in the wild

Recorded 2022-03-25 00:00:00 UTC · Source

SSVC decision points

Exploitation
active
Automatable
No
Technical impact
partial

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Mar 25, 2022

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel