Lucene search

[email protected]CVE-2009-1154

HistoryOct 03, 2022 - 4:24 p.m.

CVE-2009-1154

2022-10-0316:24:00

CWE-119

[email protected]

web.nvd.nist.gov

cisco

ios

3.8.1

denial of service

vulnerability

nvd

cve-2009-1154

6.8 Medium

AI Score

Confidence

High

3.3 Low

CVSS2

Access Vector

Access Complexity

Authentication

MULTIPLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:M/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

44.1%

JSON

Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute.

Affected configurations

NVD

Node

ciscoios_xrRange≤3.8.1

ciscoios_xrMatch3.4

ciscoios_xrMatch3.4.0

ciscoios_xrMatch3.4.1

ciscoios_xrMatch3.4.2

ciscoios_xrMatch3.4.3

ciscoios_xrMatch3.5

ciscoios_xrMatch3.5.2

ciscoios_xrMatch3.5.3

ciscoios_xrMatch3.5.4

ciscoios_xrMatch3.6.0

ciscoios_xrMatch3.6.1

ciscoios_xrMatch3.6.2

ciscoios_xrMatch3.6.3

ciscoios_xrMatch3.7.0

ciscoios_xrMatch3.7.1

ciscoios_xrMatch3.7.2

ciscoios_xrMatch3.7.3

ciscoios_xrMatch3.8.0

CPENameOperatorVersion
cisco:ios_xrcisco ios xrle3.8.1
cisco:ios_xrcisco ios xreq3.4
cisco:ios_xrcisco ios xreq3.4.0
cisco:ios_xrcisco ios xreq3.4.1
cisco:ios_xrcisco ios xreq3.4.2
cisco:ios_xrcisco ios xreq3.4.3
cisco:ios_xrcisco ios xreq3.5
cisco:ios_xrcisco ios xreq3.5.2
cisco:ios_xrcisco ios xreq3.5.3
cisco:ios_xrcisco ios xreq3.5.4

CPE	Name	Operator	Version
cisco:ios_xr	cisco ios xr	le	3.8.1
cisco:ios_xr	cisco ios xr	eq	3.4
cisco:ios_xr	cisco ios xr	eq	3.4.0
cisco:ios_xr	cisco ios xr	eq	3.4.1
cisco:ios_xr	cisco ios xr	eq	3.4.2
cisco:ios_xr	cisco ios xr	eq	3.4.3
cisco:ios_xr	cisco ios xr	eq	3.5
cisco:ios_xr	cisco ios xr	eq	3.5.2
cisco:ios_xr	cisco ios xr	eq	3.5.3
cisco:ios_xr	cisco ios xr	eq	3.5.4