CVE-2009-1154

Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute.

CVSS v2.0 3.3 LOW

3.3^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:L/Au:M/C:N/I:N/A:P

Exploitability : 6.4 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication MULTIPLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://securitytracker.com/id?1022756
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:cisco:ios_xr::::::::
	cpe:2.3:o:cisco:ios_xr:3.4:::::::*
	cpe:2.3:o:cisco:ios_xr:3.4.0:::::::*
	cpe:2.3:o:cisco:ios_xr:3.4.1:::::::*
	cpe:2.3:o:cisco:ios_xr:3.4.2:::::::*
	cpe:2.3:o:cisco:ios_xr:3.4.3:::::::*
	cpe:2.3:o:cisco:ios_xr:3.5:::::::*
	cpe:2.3:o:cisco:ios_xr:3.5.2:::::::*
	cpe:2.3:o:cisco:ios_xr:3.5.3:::::::*
	cpe:2.3:o:cisco:ios_xr:3.5.4:::::::*
	cpe:2.3:o:cisco:ios_xr:3.6.0:::::::*
	cpe:2.3:o:cisco:ios_xr:3.6.1:::::::*
	cpe:2.3:o:cisco:ios_xr:3.6.2:::::::*
	cpe:2.3:o:cisco:ios_xr:3.6.3:::::::*
	cpe:2.3:o:cisco:ios_xr:3.7.0:::::::*
	cpe:2.3:o:cisco:ios_xr:3.7.1:::::::*
	cpe:2.3:o:cisco:ios_xr:3.7.2:::::::*
	cpe:2.3:o:cisco:ios_xr:3.7.3:::::::*
	cpe:2.3:o:cisco:ios_xr:3.8.0:::::::*

History

No history.

Information

Published : 2009-08-21 17:30

Updated : 2024-02-04 17:33

NVD link : CVE-2009-1154

Mitre link : CVE-2009-1154

CVE.ORG link : CVE-2009-1154

JSON object : View

Products Affected

cisco

ios_xr

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2009-1154", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:M/C:N/I:N/A:P", "authentication": "MULTIPLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-08-21T17:30:00.203", "references": [{"url": "http://securitytracker.com/id?1022756", "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute."}, {"lang": "es", "value": "Cisco IOS XR 3.8.1 y versiones anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (caida de proceso) mediante un mensaje BGP UPDATE, como se ha demostrado con un mensaje con muchos n\u00fameros AS en el AS Path Attribute."}], "lastModified": "2009-08-21T17:30:00.203", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A71883C-A3DF-4FB3-8BA9-61A0E4DFD2F3", "versionEndIncluding": "3.8.1"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75538529-611A-43B5-AC4D-089C4E2E2ACC"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00DA2581-F618-4F2A-AB65-DA23DF51AF89"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81797938-F953-42BE-B287-AA48B9860AF6"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92AED038-C73F-4499-B064-F01D80DB0C64"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB7A249B-AF69-47D0-B6DE-968B4CD0BA42"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F992D03D-1DB8-44C1-B59D-1C09A32A2C91"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5F15240-6323-4766-801A-D887F3EA8A6B"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D99DC1CF-78DC-4E59-98BA-DD84702D6467"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B9FA754-E3D2-4D80-8F4B-41139973D9FC"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F497A05C-2FC5-427D-8036-2476ACA956C0"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2252E7B0-9112-4E9E-8CF4-4EC53C630CFD"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1131A524-AA7A-4C94-9FFE-54546EA7D2CC"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46D1A634-D39C-4305-8915-4AA289FB68EE"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21BAB799-3150-46D8-AEA3-9FCC73203221"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99042285-94AC-4C57-8EAA-EE63C678A94A"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E752AA9-CC1C-44B6-A916-A3C76A57F05C"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71CBE50E-9BD3-4F74-8C7A-BE4905090EE2"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:3.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96F48419-AF66-4B50-ACBF-9E38287A64FA"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}