CVE-2010-3035
HIGH KEV
Cisco IOS XR 3.4.0-3.9.1 - Denial of Service via Crafted BGP Prefix Announcement
Title source: llm
Exploitation Summary
CVE-2010-3035 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 25, 2022.
Description
Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211.
References (8)
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3035
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/61443
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1024371
Broken Link, Vendor Advisory vendor-advisory
x_refsource_cisco
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml
Mailing List mailing-list
x_refsource_mlist
http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/41190
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2227
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/67696
Scores
CVSS v3
7.5
EPSS
0.0530
EPSS Percentile
90.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
partial
Details
CISA KEV
2022-03-25
VulnCheck KEV
2022-03-25
InTheWild.io
2017-08-17
ENISA EUVD
EUVD-2010-3037
Status
published
Products (1)
cisco/ios_xr
3.4.0 - 3.9.1
Published
Aug 30, 2010
KEV Added
Mar 25, 2022
Tracked Since
Feb 18, 2026