CVE-2009-2055

MediumKnown Exploited

Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an…

cisco·CWE-20·Published 2009-08-19

CVSS

5.9

EPSS

0.03

KEV

Yes

Exploits

cve.orgen

200 chars

Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.

NVDen

200 chars

NVDes

228 chars

Cisco IOS XR desde la v3.4.0 hasta la v3.8.1 permite a atacantes remotos producir una denegación de servicio (reset de sesión) a través de el mensaje BGP UPDATE con un atributo invalido, como se demostró el 17 de Agosto de 2009.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P
3.1	Primary	cve.org	5.9	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Primary	cve.org	5.9	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Secondary	NVD	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H