CVE-2009-2055

MEDIUM KEV

Cisco IOS XR <3.8.1 - DoS

Description

Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.

Scores

CVSS v3 5.9
EPSS 0.0041
EPSS Percentile 60.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitation Intel

CISA KEV 2022-03-25
VulnCheck KEV 2022-03-25
InTheWild.io 2009-08-21
ENISA EUVD EUVD-2009-2051

Classification

CWE
CWE-20
Status draft

Affected Products (19)

cisco/ios_xr
... and 18 more

Timeline

Published Aug 19, 2009
KEV Added Mar 25, 2022
Tracked Since Feb 18, 2026