CVE-2010-3035

EUVD-2010-3037
Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
ciscoios_xr
3.4.0 ≤
𝑥
≤ 3.9.1
𝑥
= Vulnerable software versions
References
http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html
http://osvdb.org/67696
http://secunia.com/advisories/41190
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml
http://www.securitytracker.com/id?1024371
http://www.vupen.com/english/advisories/2010/2227
https://exchange.xforce.ibmcloud.com/vulnerabilities/61443
http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html
http://osvdb.org/67696
http://secunia.com/advisories/41190
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml
http://www.securitytracker.com/id?1024371
http://www.vupen.com/english/advisories/2010/2227
https://exchange.xforce.ibmcloud.com/vulnerabilities/61443
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3035