6.4 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
75.0%
Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.