CVE-2009-2055 - OpenCVE

Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Ios Xr

Configuration 1 [-]

OR	cpe:2.3:o:cisco:ios_xr:3.4:::::::*
	cpe:2.3:o:cisco:ios_xr:3.4.0:::::::*
	cpe:2.3:o:cisco:ios_xr:3.4.1:::::::*
	cpe:2.3:o:cisco:ios_xr:3.4.2:::::::*
	cpe:2.3:o:cisco:ios_xr:3.4.3:::::::*
	cpe:2.3:o:cisco:ios_xr:3.5:::::::*
	cpe:2.3:o:cisco:ios_xr:3.5.2:::::::*
	cpe:2.3:o:cisco:ios_xr:3.5.3:::::::*
	cpe:2.3:o:cisco:ios_xr:3.5.4:::::::*
	cpe:2.3:o:cisco:ios_xr:3.6.0:::::::*
	cpe:2.3:o:cisco:ios_xr:3.6.1:::::::*
	cpe:2.3:o:cisco:ios_xr:3.6.2:::::::*
	cpe:2.3:o:cisco:ios_xr:3.6.3:::::::*
	cpe:2.3:o:cisco:ios_xr:3.7.0:::::::*
	cpe:2.3:o:cisco:ios_xr:3.7.1:::::::*
	cpe:2.3:o:cisco:ios_xr:3.7.2:::::::*
	cpe:2.3:o:cisco:ios_xr:3.7.3:::::::*
	cpe:2.3:o:cisco:ios_xr:3.8.0:::::::*
	cpe:2.3:o:cisco:ios_xr:3.8.1:::::::*

No data.

References

Link	Providers
http://mailman.nanog.org/pipermail/nanog/2009-August/012719.html
http://securitytracker.com/id?1022739
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2009-08-19T17:00:00Z

Updated: 2024-09-17T04:03:34.997Z

Reserved: 2009-06-12T00:00:00Z

Link: CVE-2009-2055

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2009-08-19T17:30:01.047

Modified: 2009-08-21T04:00:00.000

Link: CVE-2009-2055

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-08-19T17:00:00Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "[nanog] 20090817 RE: Anyone else seeing \"(invalid or corrupt AS path) 3 bytes E01100\" ?", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mailman.nanog.org/pipermail/nanog/2009-August/012719.html"}, {"name": "1022739", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1022739"}, {"name": "20090818 Cisco IOS XR Software Border Gateway Protocol Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2009-2055", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[nanog] 20090817 RE: Anyone else seeing \"(invalid or corrupt AS path) 3 bytes E01100\" ?", "refsource": "MLIST", "url": "http://mailman.nanog.org/pipermail/nanog/2009-August/012719.html"}, {"name": "1022739", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1022739"}, {"name": "20090818 Cisco IOS XR Software Border Gateway Protocol Vulnerability", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:36:20.975Z"}, "title": "CVE Program Container", "references": [{"name": "[nanog] 20090817 RE: Anyone else seeing \"(invalid or corrupt AS path) 3 bytes E01100\" ?", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://mailman.nanog.org/pipermail/nanog/2009-August/012719.html"}, {"name": "1022739", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1022739"}, {"name": "20090818 Cisco IOS XR Software Border Gateway Protocol Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2009-2055", "datePublished": "2009-08-19T17:00:00Z", "dateReserved": "2009-06-12T00:00:00Z", "dateUpdated": "2024-09-17T04:03:34.997Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"cisaActionDue": "2022-04-15", "cisaExploitAdd": "2022-03-25", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xr:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "75538529-611A-43B5-AC4D-089C4E2E2ACC", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "00DA2581-F618-4F2A-AB65-DA23DF51AF89", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "81797938-F953-42BE-B287-AA48B9860AF6", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "92AED038-C73F-4499-B064-F01D80DB0C64", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB7A249B-AF69-47D0-B6DE-968B4CD0BA42", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "F992D03D-1DB8-44C1-B59D-1C09A32A2C91", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "C5F15240-6323-4766-801A-D887F3EA8A6B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "D99DC1CF-78DC-4E59-98BA-DD84702D6467", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "0B9FA754-E3D2-4D80-8F4B-41139973D9FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "F497A05C-2FC5-427D-8036-2476ACA956C0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "2252E7B0-9112-4E9E-8CF4-4EC53C630CFD", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "1131A524-AA7A-4C94-9FFE-54546EA7D2CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "46D1A634-D39C-4305-8915-4AA289FB68EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "21BAB799-3150-46D8-AEA3-9FCC73203221", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "99042285-94AC-4C57-8EAA-EE63C678A94A", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "2E752AA9-CC1C-44B6-A916-A3C76A57F05C", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "71CBE50E-9BD3-4F74-8C7A-BE4905090EE2", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "96F48419-AF66-4B50-ACBF-9E38287A64FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBB71A24-AA6C-4BAD-BD37-5C191751C9DF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009."}, {"lang": "es", "value": "Cisco IOS XR desde la v3.4.0 hasta la v3.8.1 permite a atacantes remotos producir una denegaci\u00f3n de servicio (reset de sesi\u00f3n) a trav\u00e9s de el mensaje BGP UPDATE con un atributo invalido, como se demostr\u00f3 el 17 de Agosto de 2009."}], "id": "CVE-2009-2055", "lastModified": "2009-08-21T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-08-19T17:30:01.047", "references": [{"source": "ykramarz@cisco.com", "url": "http://mailman.nanog.org/pipermail/nanog/2009-August/012719.html"}, {"source": "ykramarz@cisco.com", "url": "http://securitytracker.com/id?1022739"}, {"source": "ykramarz@cisco.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}