CVE-2010-3035

HIGH KEV

Cisco IOS XR <3.9.1 - DoS

Title source: llm

Description

Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211.

References (8)

[Mailing List] http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html

[Broken Link] http://osvdb.org/67696

[Broken Link] http://secunia.com/advisories/41190

[Broken Link, Vendor Advisory] http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1024371

[Broken Link] http://www.vupen.com/english/advisories/2010/2227

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/61443

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-3035

Scores

CVSS v3 7.5

EPSS 0.0530

EPSS Percentile 90.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CISA KEV 2022-03-25

VulnCheck KEV 2022-03-25

InTheWild.io 2017-08-17

ENISA EUVD EUVD-2010-3037

Status published

Products (1)

cisco/ios_xr 3.4.0 - 3.9.1

Published Aug 30, 2010

KEV Added Mar 25, 2022

Tracked Since Feb 18, 2026