CVE-2009-2055

Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
ciscoCNA
---
---
CVEADP
---
---
CISA-ADPADP
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
ciscoios_xr
3.4
ciscoios_xr
3.4.0
ciscoios_xr
3.4.1
ciscoios_xr
3.4.2
ciscoios_xr
3.4.3
ciscoios_xr
3.5
ciscoios_xr
3.5.2
ciscoios_xr
3.5.3
ciscoios_xr
3.5.4
ciscoios_xr
3.6.0
ciscoios_xr
3.6.1
ciscoios_xr
3.6.2
ciscoios_xr
3.6.3
ciscoios_xr
3.7.0
ciscoios_xr
3.7.1
ciscoios_xr
3.7.2
ciscoios_xr
3.7.3
ciscoios_xr
3.8.0
ciscoios_xr
3.8.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://mailman.nanog.org/pipermail/nanog/2009-August/012719.html
http://securitytracker.com/id?1022739
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml
http://mailman.nanog.org/pipermail/nanog/2009-August/012719.html
http://securitytracker.com/id?1022739
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-2055