Published: 30/08/2010 Updated: 17/08/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Cisco IOS XR 3.4.0 up to and including 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote malicious users to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco ios xr 3.4.2
cisco ios xr 3.4.3
cisco ios xr 3.6.3
cisco ios xr 3.7.0
cisco ios xr 3.8.4
cisco ios xr 3.9.0
cisco ios xr 3.4.0
cisco ios xr 3.4.1
cisco ios xr 3.6.1
cisco ios xr 3.6.2
cisco ios xr 3.8.1
cisco ios xr 3.8.2
cisco ios xr 3.8.3
cisco ios xr 3.5.4
cisco ios xr 3.6.0
cisco ios xr 3.7.3
cisco ios xr 3.8.0
cisco ios xr 3.5.2
cisco ios xr 3.5.3
cisco ios xr 3.7.1
cisco ios xr 3.7.2
cisco ios xr 3.9.1

Cisco IOS XR Software contains a vulnerability in the Border Gateway Protocol (BGP) feature The vulnerability manifests itself when a BGP peer announces a prefix with a specific, valid but unrecognized transitive attribute On receipt of this prefix, the Cisco IOS XR device will corrupt the attribute before sending it to the neighboring de ...

CWE-20 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html http://www.vupen.com/english/advisories/2010/2227 http://www.securitytracker.com/id?1024371 http://secunia.com/advisories/41190 http://osvdb.org/67696 https://exchange.xforce.ibmcloud.com/vulnerabilities/61443 https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100827-bgp

CVE-2010-3035

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect