cvelistv5 - CVE-2010-3035

CVE-2010-3035

Vulnerability from cvelistv5

Published

2010-08-30 20:00

Modified

2024-11-15 18:02

Severity ?

Summary

References

URL	Tags
ykramarz@cisco.com	http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html	Mailing List
ykramarz@cisco.com	http://osvdb.org/67696	Broken Link
ykramarz@cisco.com	http://secunia.com/advisories/41190	Broken Link
ykramarz@cisco.com	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml	Broken Link, Vendor Advisory
ykramarz@cisco.com	http://www.securitytracker.com/id?1024371	Broken Link, Third Party Advisory, VDB Entry
ykramarz@cisco.com	http://www.vupen.com/english/advisories/2010/2227	Broken Link
ykramarz@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/61443	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/67696	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/41190	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1024371	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/2227	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/61443	VDB Entry, Vendor Advisory

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

CISA Known exploited vulnerability

Data from the Known Exploited Vulnerabilities Catalog

Date added: 2022-03-25

Due date: 2022-04-15

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: https://nvd.nist.gov/vuln/detail/CVE-2010-3035

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:55:46.474Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ciscoiosxr-bgp-packet-dos(61443)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61443"
          },
          {
            "name": "1024371",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024371"
          },
          {
            "name": "20100827 Cisco IOS XR Software Border Gateway Protocol Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml"
          },
          {
            "name": "[nanog] 20100827 Did your BGP crash today?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html"
          },
          {
            "name": "41190",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41190"
          },
          {
            "name": "ADV-2010-2227",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2227"
          },
          {
            "name": "67696",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/67696"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2010-3035",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T17:40:14.918410Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-25",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-3035"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T18:02:56.974Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-08-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "ciscoiosxr-bgp-packet-dos(61443)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61443"
        },
        {
          "name": "1024371",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024371"
        },
        {
          "name": "20100827 Cisco IOS XR Software Border Gateway Protocol Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml"
        },
        {
          "name": "[nanog] 20100827 Did your BGP crash today?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html"
        },
        {
          "name": "41190",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41190"
        },
        {
          "name": "ADV-2010-2227",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2227"
        },
        {
          "name": "67696",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/67696"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2010-3035",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ciscoiosxr-bgp-packet-dos(61443)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61443"
            },
            {
              "name": "1024371",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024371"
            },
            {
              "name": "20100827 Cisco IOS XR Software Border Gateway Protocol Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml"
            },
            {
              "name": "[nanog] 20100827 Did your BGP crash today?",
              "refsource": "MLIST",
              "url": "http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html"
            },
            {
              "name": "41190",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41190"
            },
            {
              "name": "ADV-2010-2227",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2227"
            },
            {
              "name": "67696",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/67696"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2010-3035",
    "datePublished": "2010-08-30T20:00:00",
    "dateReserved": "2010-08-17T00:00:00",
    "dateUpdated": "2024-11-15T18:02:56.974Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2010-3035",
      "cwes": "[\"CWE-20\"]",
      "dateAdded": "2022-03-25",
      "dueDate": "2022-04-15",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-3035",
      "product": "IOS XR",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).",
      "vendorProject": "Cisco",
      "vulnerabilityName": "Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2022-04-15",
      "cisaExploitAdd": "2022-03-25",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.4.0\", \"versionEndIncluding\": \"3.9.1\", \"matchCriteriaId\": \"14636B6F-0D6A-4B1F-9F7E-C5A7445A5CFC\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211.\"}, {\"lang\": \"es\", \"value\": \"Cisco IOS XR v3.4.0 hasta la versi\\u00f3n v3.9.1, si BGP est\\u00e1 activado, no maneja apropiadamente los atributos transitivos no reconocidos, lo que permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (\\\"peering reset\\\" o reinicio del hom\\u00f3logo) a trav\\u00e9s de un mensaje de anuncio de prefijos modificado, como se ha demostrado en la realidad en agosto del 2010 con el c\\u00f3digo de tipo de atributo 99. Tambi\\u00e9n conocido como Bug ID CSCti62211.\"}]",
      "id": "CVE-2010-3035",
      "lastModified": "2024-12-19T20:09:31.583",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2010-08-30T21:00:12.203",
      "references": "[{\"url\": \"http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://osvdb.org/67696\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://secunia.com/advisories/41190\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id?1024371\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/2227\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/61443\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"VDB Entry\", \"Vendor Advisory\"]}, {\"url\": \"http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://osvdb.org/67696\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://secunia.com/advisories/41190\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id?1024371\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/2227\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/61443\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"VDB Entry\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-3035\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2010-08-30T21:00:12.203\",\"lastModified\":\"2024-12-19T20:09:31.583\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211.\"},{\"lang\":\"es\",\"value\":\"Cisco IOS XR v3.4.0 hasta la versi\u00f3n v3.9.1, si BGP est\u00e1 activado, no maneja apropiadamente los atributos transitivos no reconocidos, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (\\\"peering reset\\\" o reinicio del hom\u00f3logo) a trav\u00e9s de un mensaje de anuncio de prefijos modificado, como se ha demostrado en la realidad en agosto del 2010 con el c\u00f3digo de tipo de atributo 99. Tambi\u00e9n conocido como Bug ID CSCti62211.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2022-03-25\",\"cisaActionDue\":\"2022-04-15\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.4.0\",\"versionEndIncluding\":\"3.9.1\",\"matchCriteriaId\":\"14636B6F-0D6A-4B1F-9F7E-C5A7445A5CFC\"}]}]}],\"references\":[{\"url\":\"http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://osvdb.org/67696\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/41190\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id?1024371\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/2227\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/61443\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://osvdb.org/67696\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/41190\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id?1024371\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/2227\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/61443\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/61443\", \"name\": \"ciscoiosxr-bgp-packet-dos(61443)\", \"tags\": [\"vdb-entry\", \"x_refsource_XF\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id?1024371\", \"name\": \"1024371\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml\", \"name\": \"20100827 Cisco IOS XR Software Border Gateway Protocol Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}, {\"url\": \"http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html\", \"name\": \"[nanog] 20100827 Did your BGP crash today?\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/41190\", \"name\": \"41190\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/2227\", \"name\": \"ADV-2010-2227\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"]}, {\"url\": \"http://osvdb.org/67696\", \"name\": \"67696\", \"tags\": [\"vdb-entry\", \"x_refsource_OSVDB\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-07T02:55:46.474Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2010-3035\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-08T17:40:14.918410Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-03-25\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-3035\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-08T16:07:24.860Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2010-08-27T00:00:00\", \"references\": [{\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/61443\", \"name\": \"ciscoiosxr-bgp-packet-dos(61443)\", \"tags\": [\"vdb-entry\", \"x_refsource_XF\"]}, {\"url\": \"http://www.securitytracker.com/id?1024371\", \"name\": \"1024371\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml\", \"name\": \"20100827 Cisco IOS XR Software Border Gateway Protocol Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}, {\"url\": \"http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html\", \"name\": \"[nanog] 20100827 Did your BGP crash today?\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://secunia.com/advisories/41190\", \"name\": \"41190\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/2227\", \"name\": \"ADV-2010-2227\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"]}, {\"url\": \"http://osvdb.org/67696\", \"name\": \"67696\", \"tags\": [\"vdb-entry\", \"x_refsource_OSVDB\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2017-08-16T14:57:01\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/61443\", \"name\": \"ciscoiosxr-bgp-packet-dos(61443)\", \"refsource\": \"XF\"}, {\"url\": \"http://www.securitytracker.com/id?1024371\", \"name\": \"1024371\", \"refsource\": \"SECTRACK\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml\", \"name\": \"20100827 Cisco IOS XR Software Border Gateway Protocol Vulnerability\", \"refsource\": \"CISCO\"}, {\"url\": \"http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html\", \"name\": \"[nanog] 20100827 Did your BGP crash today?\", \"refsource\": \"MLIST\"}, {\"url\": \"http://secunia.com/advisories/41190\", \"name\": \"41190\", \"refsource\": \"SECUNIA\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/2227\", \"name\": \"ADV-2010-2227\", \"refsource\": \"VUPEN\"}, {\"url\": \"http://osvdb.org/67696\", \"name\": \"67696\", \"refsource\": \"OSVDB\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2010-3035\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"psirt@cisco.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2010-3035\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-15T18:02:56.974Z\", \"dateReserved\": \"2010-08-17T00:00:00\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2010-08-30T20:00:00\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

ghsa-9q29-g37m-5wmp

Vulnerability from github

Published

2022-05-17 02:05

Modified

2024-07-16 18:31

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-3035"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-08-30T21:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211.",
  "id": "GHSA-9q29-g37m-5wmp",
  "modified": "2024-07-16T18:31:32Z",
  "published": "2022-05-17T02:05:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3035"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61443"
    },
    {
      "type": "WEB",
      "url": "http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/67696"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/41190"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1024371"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/2227"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211. Cisco IOS XR is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the affected device to restart, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCti62211. A remote attacker can cause a denial of service (peer reset) with the help of a specially crafted prefix advertisement. ----------------------------------------------------------------------

List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22

The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected.

TITLE: Cisco IOS XR Border Gateway Protocol Denial of Service Vulnerability

SECUNIA ADVISORY ID: SA41190

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41190/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41190

RELEASE DATE: 2010-08-31

DISCUSS ADVISORY: http://secunia.com/advisories/41190/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/41190/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=41190

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: A vulnerability has been reported in Cisco IOS XR, which can be exploited by malicious people to cause a DoS (Denial of Service).

SOLUTION: Reported by the vendor.

PROVIDED AND/OR DISCOVERED BY: Apply updates (please see the vendor's advisory for details).

ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20100827-bgp.shtml

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201008-0340",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "3.8.1"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "3.7.3"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "3.7.2"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "3.7.1"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "3.6.3"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "3.6.2"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "3.6.1"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.6.0"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.8.0"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.7.0"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "3.9.1"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "3.8.4"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "3.8.3"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "3.8.2"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "3.5.4"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "3.5.3"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "3.5.2"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "3.4.3"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "3.4.2"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "3.4.1"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.9.0"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.4.0"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "3.4.0 to  3.9.1"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.9"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.8"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.7"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.6"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "42821"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-004263"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3035"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-377"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-3035"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "42821"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-377"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2010-3035",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2010-3035",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-45640",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2010-3035",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201008-377",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-45640",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2010-3035",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-45640"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-3035"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-004263"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3035"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-377"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211. Cisco IOS XR is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause the affected device to restart, denying service to legitimate users. \nThis issue is tracked by Cisco Bug ID CSCti62211. A remote attacker can cause a denial of service (peer reset) with the help of a specially crafted prefix advertisement. ----------------------------------------------------------------------\n\n\nList of products vulnerable to insecure library loading vulnerabilities:\nhttp://secunia.com/_%22insecure%20library%20loading%22\n\nThe list is continuously updated as we confirm the vulnerability reports\nso check back regularly too see if any of your apps are affected. \n\n\n----------------------------------------------------------------------\n\nTITLE:\nCisco IOS XR Border Gateway Protocol Denial of Service Vulnerability\n\nSECUNIA ADVISORY ID:\nSA41190\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/41190/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41190\n\nRELEASE DATE:\n2010-08-31\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/41190/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/41190/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41190\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Cisco IOS XR, which can be\nexploited by malicious people to cause a DoS (Denial of Service). \n\nSOLUTION:\nReported by the vendor. \n\nPROVIDED AND/OR DISCOVERED BY:\nApply updates (please see the vendor\u0027s advisory for details). \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20100827-bgp.shtml\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-3035"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-004263"
      },
      {
        "db": "BID",
        "id": "42821"
      },
      {
        "db": "VULHUB",
        "id": "VHN-45640"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-3035"
      },
      {
        "db": "PACKETSTORM",
        "id": "93323"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-3035",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "41190",
        "trust": 1.3
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-2227",
        "trust": 1.2
      },
      {
        "db": "OSVDB",
        "id": "67696",
        "trust": 1.2
      },
      {
        "db": "SECTRACK",
        "id": "1024371",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-004263",
        "trust": 0.8
      },
      {
        "db": "CISCO",
        "id": "20100827 CISCO IOS XR SOFTWARE BORDER GATEWAY PROTOCOL VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "MLIST",
        "id": "[NANOG] 20100827 DID YOUR BGP CRASH TODAY?",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-377",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "42821",
        "trust": 0.5
      },
      {
        "db": "VULHUB",
        "id": "VHN-45640",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-3035",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "93323",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-45640"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-3035"
      },
      {
        "db": "BID",
        "id": "42821"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-004263"
      },
      {
        "db": "PACKETSTORM",
        "id": "93323"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3035"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-377"
      }
    ]
  },
  "id": "VAR-201008-0340",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-45640"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:49:17.894000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20100827-bgp",
        "trust": 0.8,
        "url": "http://www.cisco.com/en/us/products/csa/cisco-sa-20100827-bgp.html"
      },
      {
        "title": "Cisco: Cisco IOS XR Software Border Gateway Protocol Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20100827-bgp"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/santosomar/kev_checker "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2010-3035"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-004263"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-45640"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-004263"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3035"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080b4411f.shtml"
      },
      {
        "trust": 1.8,
        "url": "http://mailman.nanog.org/pipermail/nanog/2010-august/024837.html"
      },
      {
        "trust": 1.2,
        "url": "http://osvdb.org/67696"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id?1024371"
      },
      {
        "trust": 1.2,
        "url": "http://secunia.com/advisories/41190"
      },
      {
        "trust": 1.2,
        "url": "http://www.vupen.com/english/advisories/2010/2227"
      },
      {
        "trust": 1.2,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61443"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3035"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3035"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.securityfocus.com/bid/42821"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20100827-bgp"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41190"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/41190/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/_%22insecure%20library%20loading%22"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/41190/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20100827-bgp.shtml"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-45640"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-3035"
      },
      {
        "db": "BID",
        "id": "42821"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-004263"
      },
      {
        "db": "PACKETSTORM",
        "id": "93323"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3035"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-377"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-45640"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-3035"
      },
      {
        "db": "BID",
        "id": "42821"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-004263"
      },
      {
        "db": "PACKETSTORM",
        "id": "93323"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3035"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-377"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-08-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-45640"
      },
      {
        "date": "2010-08-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2010-3035"
      },
      {
        "date": "2010-08-27T00:00:00",
        "db": "BID",
        "id": "42821"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-004263"
      },
      {
        "date": "2010-08-31T10:27:11",
        "db": "PACKETSTORM",
        "id": "93323"
      },
      {
        "date": "2010-08-30T21:00:12.203000",
        "db": "NVD",
        "id": "CVE-2010-3035"
      },
      {
        "date": "2010-08-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201008-377"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-45640"
      },
      {
        "date": "2017-08-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2010-3035"
      },
      {
        "date": "2010-09-01T18:37:00",
        "db": "BID",
        "id": "42821"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-004263"
      },
      {
        "date": "2017-08-17T01:32:53.993000",
        "db": "NVD",
        "id": "CVE-2010-3035"
      },
      {
        "date": "2010-09-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201008-377"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-377"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco IOS XR Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-004263"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-377"
      }
    ],
    "trust": 0.6
  }
}

gsd-2010-3035

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2010-3035

Aliases

CVE-2010-3035

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-3035",
    "description": "Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211.",
    "id": "GSD-2010-3035"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-3035"
      ],
      "details": "Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211.",
      "id": "GSD-2010-3035",
      "modified": "2023-12-13T01:21:33.800503Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2010-3035",
      "dateAdded": "2022-03-25",
      "dueDate": "2022-04-15",
      "product": "IOS XR",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service.",
      "vendorProject": "Cisco",
      "vulnerabilityName": "Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2010-3035",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ciscoiosxr-bgp-packet-dos(61443)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61443"
          },
          {
            "name": "1024371",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1024371"
          },
          {
            "name": "20100827 Cisco IOS XR Software Border Gateway Protocol Vulnerability",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml"
          },
          {
            "name": "[nanog] 20100827 Did your BGP crash today?",
            "refsource": "MLIST",
            "url": "http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html"
          },
          {
            "name": "41190",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/41190"
          },
          {
            "name": "ADV-2010-2227",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/2227"
          },
          {
            "name": "67696",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/67696"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2010-3035"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20100827 Cisco IOS XR Software Border Gateway Protocol Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml"
            },
            {
              "name": "[nanog] 20100827 Did your BGP crash today?",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html"
            },
            {
              "name": "ADV-2010-2227",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/2227"
            },
            {
              "name": "1024371",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1024371"
            },
            {
              "name": "41190",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/41190"
            },
            {
              "name": "67696",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/67696"
            },
            {
              "name": "ciscoiosxr-bgp-packet-dos(61443)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61443"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-17T01:32Z",
      "publishedDate": "2010-08-30T21:00Z"
    }
  }
}

CVE-2010-3035

Vulnerability from fkie_nvd

Published

2010-08-30 21:00

Modified

2024-12-19 20:09

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
ykramarz@cisco.com	http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html	Mailing List
ykramarz@cisco.com	http://osvdb.org/67696	Broken Link
ykramarz@cisco.com	http://secunia.com/advisories/41190	Broken Link
ykramarz@cisco.com	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml	Broken Link, Vendor Advisory
ykramarz@cisco.com	http://www.securitytracker.com/id?1024371	Broken Link, Third Party Advisory, VDB Entry
ykramarz@cisco.com	http://www.vupen.com/english/advisories/2010/2227	Broken Link
ykramarz@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/61443	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/67696	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/41190	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1024371	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/2227	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/61443	VDB Entry, Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	ios_xr	*

JSON

To clipboard

{
  "cisaActionDue": "2022-04-15",
  "cisaExploitAdd": "2022-03-25",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "14636B6F-0D6A-4B1F-9F7E-C5A7445A5CFC",
              "versionEndIncluding": "3.9.1",
              "versionStartIncluding": "3.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211."
    },
    {
      "lang": "es",
      "value": "Cisco IOS XR v3.4.0 hasta la versi\u00f3n v3.9.1, si BGP est\u00e1 activado, no maneja apropiadamente los atributos transitivos no reconocidos, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (\"peering reset\" o reinicio del hom\u00f3logo) a trav\u00e9s de un mensaje de anuncio de prefijos modificado, como se ha demostrado en la realidad en agosto del 2010 con el c\u00f3digo de tipo de atributo 99. Tambi\u00e9n conocido como Bug ID CSCti62211."
    }
  ],
  "id": "CVE-2010-3035",
  "lastModified": "2024-12-19T20:09:31.583",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2010-08-30T21:00:12.203",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/67696"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/41190"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1024371"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2227"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61443"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://mailman.nanog.org/pipermail/nanog/2010-August/024837.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/67696"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/41190"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1024371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2227"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61443"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2010-3035

Vulnerability from cvelistv5

CISA Known exploited vulnerability

Data from the Known Exploited Vulnerabilities Catalog

ghsa-9q29-g37m-5wmp

Vulnerability from github

var-201008-0340

Vulnerability from variot

gsd-2010-3035

Vulnerability from gsd

CVE-2010-3035

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature