CVE-2009-2056

Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:M/C:N/I:N/A:P
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
ciscoios_xr
𝑥
≤ 3.8.1
ciscoios_xr
3.0
ciscoios_xr
3.0.1
ciscoios_xr
3.1
ciscoios_xr
3.1.0
ciscoios_xr
3.2
ciscoios_xr
3.2.1
ciscoios_xr
3.2.2
ciscoios_xr
3.2.3
ciscoios_xr
3.2.3
ciscoios_xr
3.2.4
ciscoios_xr
3.2.50
ciscoios_xr
3.3
ciscoios_xr
3.4
ciscoios_xr
3.4.0
ciscoios_xr
3.4.1
ciscoios_xr
3.4.2
ciscoios_xr
3.4.3
ciscoios_xr
3.5
ciscoios_xr
3.5.2
ciscoios_xr
3.5.3
ciscoios_xr
3.5.4
ciscoios_xr
3.6
ciscoios_xr
3.6.0
ciscoios_xr
3.6.1
ciscoios_xr
3.6.2
ciscoios_xr
3.6.3
ciscoios_xr
3.7
ciscoios_xr
3.7.0
ciscoios_xr
3.7.1
ciscoios_xr
3.7.2
ciscoios_xr
3.7.3
ciscoios_xr
3.8.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://securitytracker.com/id?1022756
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml
http://securitytracker.com/id?1022756
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml