CVE-2010-3035

Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ciscoCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
ciscoios_xr
3.4.0 ≤
𝑥
≤ 3.9.1
𝑥
= Vulnerable software versions
References
http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html
http://osvdb.org/67696
http://secunia.com/advisories/41190
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml
http://www.securitytracker.com/id?1024371
http://www.vupen.com/english/advisories/2010/2227
https://exchange.xforce.ibmcloud.com/vulnerabilities/61443
http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html
http://osvdb.org/67696
http://secunia.com/advisories/41190
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml
http://www.securitytracker.com/id?1024371
http://www.vupen.com/english/advisories/2010/2227
https://exchange.xforce.ibmcloud.com/vulnerabilities/61443