cvelistv5 - cve-2009-1154

cve-2009-1154

Vulnerability from cvelistv5

Published

2009-08-21 17:00

Modified

2024-09-16 22:45

Severity ?

Summary

References

URL	Tags
ykramarz@cisco.com	http://securitytracker.com/id?1022756
ykramarz@cisco.com	http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1022756
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml	Patch, Vendor Advisory

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:04:48.963Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1022756",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1022756"
          },
          {
            "name": "20090818 Cisco IOS XR Software Border Gateway Protocol Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-08-21T17:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1022756",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1022756"
        },
        {
          "name": "20090818 Cisco IOS XR Software Border Gateway Protocol Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2009-1154",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1022756",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1022756"
            },
            {
              "name": "20090818 Cisco IOS XR Software Border Gateway Protocol Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2009-1154",
    "datePublished": "2009-08-21T17:00:00Z",
    "dateReserved": "2009-03-26T00:00:00Z",
    "dateUpdated": "2024-09-16T22:45:31.228Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.8.1\", \"matchCriteriaId\": \"1A71883C-A3DF-4FB3-8BA9-61A0E4DFD2F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"75538529-611A-43B5-AC4D-089C4E2E2ACC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:3.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"00DA2581-F618-4F2A-AB65-DA23DF51AF89\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:3.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81797938-F953-42BE-B287-AA48B9860AF6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:3.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"92AED038-C73F-4499-B064-F01D80DB0C64\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:3.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB7A249B-AF69-47D0-B6DE-968B4CD0BA42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F992D03D-1DB8-44C1-B59D-1C09A32A2C91\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:3.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5F15240-6323-4766-801A-D887F3EA8A6B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:3.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D99DC1CF-78DC-4E59-98BA-DD84702D6467\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:3.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B9FA754-E3D2-4D80-8F4B-41139973D9FC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:3.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F497A05C-2FC5-427D-8036-2476ACA956C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:3.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2252E7B0-9112-4E9E-8CF4-4EC53C630CFD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:3.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1131A524-AA7A-4C94-9FFE-54546EA7D2CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:3.6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46D1A634-D39C-4305-8915-4AA289FB68EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:3.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21BAB799-3150-46D8-AEA3-9FCC73203221\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:3.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99042285-94AC-4C57-8EAA-EE63C678A94A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:3.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E752AA9-CC1C-44B6-A916-A3C76A57F05C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:3.7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71CBE50E-9BD3-4F74-8C7A-BE4905090EE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xr:3.8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96F48419-AF66-4B50-ACBF-9E38287A64FA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute.\"}, {\"lang\": \"es\", \"value\": \"Cisco IOS XR 3.8.1 y versiones anteriores permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (caida de proceso) mediante un mensaje BGP UPDATE, como se ha demostrado con un mensaje con muchos n\\u00fameros AS en el AS Path Attribute.\"}]",
      "id": "CVE-2009-1154",
      "lastModified": "2024-11-21T01:01:47.580",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:M/C:N/I:N/A:P\", \"baseScore\": 3.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"MULTIPLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.4, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2009-08-21T17:30:00.203",
      "references": "[{\"url\": \"http://securitytracker.com/id?1022756\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1022756\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-1154\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2009-08-21T17:30:00.203\",\"lastModified\":\"2024-11-21T01:01:47.580\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute.\"},{\"lang\":\"es\",\"value\":\"Cisco IOS XR 3.8.1 y versiones anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (caida de proceso) mediante un mensaje BGP UPDATE, como se ha demostrado con un mensaje con muchos n\u00fameros AS en el AS Path Attribute.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:M/C:N/I:N/A:P\",\"baseScore\":3.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"MULTIPLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.4,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.8.1\",\"matchCriteriaId\":\"1A71883C-A3DF-4FB3-8BA9-61A0E4DFD2F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75538529-611A-43B5-AC4D-089C4E2E2ACC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:3.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00DA2581-F618-4F2A-AB65-DA23DF51AF89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:3.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81797938-F953-42BE-B287-AA48B9860AF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:3.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92AED038-C73F-4499-B064-F01D80DB0C64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:3.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB7A249B-AF69-47D0-B6DE-968B4CD0BA42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F992D03D-1DB8-44C1-B59D-1C09A32A2C91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:3.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5F15240-6323-4766-801A-D887F3EA8A6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:3.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D99DC1CF-78DC-4E59-98BA-DD84702D6467\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:3.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B9FA754-E3D2-4D80-8F4B-41139973D9FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:3.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F497A05C-2FC5-427D-8036-2476ACA956C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:3.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2252E7B0-9112-4E9E-8CF4-4EC53C630CFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:3.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1131A524-AA7A-4C94-9FFE-54546EA7D2CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:3.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D1A634-D39C-4305-8915-4AA289FB68EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:3.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21BAB799-3150-46D8-AEA3-9FCC73203221\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:3.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99042285-94AC-4C57-8EAA-EE63C678A94A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:3.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E752AA9-CC1C-44B6-A916-A3C76A57F05C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:3.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71CBE50E-9BD3-4F74-8C7A-BE4905090EE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:3.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96F48419-AF66-4B50-ACBF-9E38287A64FA\"}]}]}],\"references\":[{\"url\":\"http://securitytracker.com/id?1022756\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1022756\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute. An attacker can exploit this issue to cause the BGP process to crash, creating a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCtb05382. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. The number of AS numbers must exceed the full or maximum length of the update message to trigger this vulnerability

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200908-0252",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "3.5.4"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "3.5.3"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "3.5.2"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "3.4.3"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "3.4.2"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "3.4.1"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "ios xr",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "cisco",
        "version": "3.8.1"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.4.0"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.6.0"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.5"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "3.7.3"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "3.7.2"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "3.7.1"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "3.6.3"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "3.6.2"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "3.6.1"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.8.0"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.7.0"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.8.1"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.8"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.7"
      },
      {
        "model": "ios xr",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.6"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "36092"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002660"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1154"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-327"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.8.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1154"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Security bulletin",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-327"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2009-1154",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "MULTIPLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.4,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:M/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Multiple",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 3.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2009-1154",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:M/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "MULTIPLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.4,
            "id": "VHN-38600",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:M/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-1154",
            "trust": 1.8,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200908-327",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-38600",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-38600"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002660"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1154"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-327"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute. \nAn attacker can exploit this issue to cause the BGP process to crash, creating a denial-of-service condition. \nThis issue is being tracked by Cisco Bug ID CSCtb05382. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. The number of AS numbers must exceed the full or maximum length of the update message to trigger this vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1154"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002660"
      },
      {
        "db": "BID",
        "id": "36092"
      },
      {
        "db": "VULHUB",
        "id": "VHN-38600"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-1154",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1022756",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002660",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-327",
        "trust": 0.7
      },
      {
        "db": "CISCO",
        "id": "20090818 CISCO IOS XR SOFTWARE BORDER GATEWAY PROTOCOL VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "36092",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-38600",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-38600"
      },
      {
        "db": "BID",
        "id": "36092"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002660"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1154"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-327"
      }
    ]
  },
  "id": "VAR-200908-0252",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-38600"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:31:43.146000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20090818-bgp",
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20090818-bgp.shtml"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002660"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-38600"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002660"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1154"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://securitytracker.com/id?1022756"
      },
      {
        "trust": 2.0,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080af150f.shtml"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1154"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1154"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-38600"
      },
      {
        "db": "BID",
        "id": "36092"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002660"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1154"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-327"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-38600"
      },
      {
        "db": "BID",
        "id": "36092"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002660"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1154"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-327"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-08-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-38600"
      },
      {
        "date": "2009-08-20T00:00:00",
        "db": "BID",
        "id": "36092"
      },
      {
        "date": "2011-06-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-002660"
      },
      {
        "date": "2009-08-21T17:30:00.203000",
        "db": "NVD",
        "id": "CVE-2009-1154"
      },
      {
        "date": "2009-08-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200908-327"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-08-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-38600"
      },
      {
        "date": "2009-08-24T15:32:00",
        "db": "BID",
        "id": "36092"
      },
      {
        "date": "2011-06-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-002660"
      },
      {
        "date": "2009-08-21T17:30:00.203000",
        "db": "NVD",
        "id": "CVE-2009-1154"
      },
      {
        "date": "2009-08-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200908-327"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-327"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco IOS XR Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002660"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-327"
      }
    ],
    "trust": 0.6
  }
}

gsd-2009-1154

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2009-1154

Aliases

CVE-2009-1154

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-1154",
    "description": "Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute.",
    "id": "GSD-2009-1154"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-1154"
      ],
      "details": "Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute.",
      "id": "GSD-2009-1154",
      "modified": "2023-12-13T01:19:48.360268Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2009-1154",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1022756",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1022756"
          },
          {
            "name": "20090818 Cisco IOS XR Software Border Gateway Protocol Vulnerability",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.8.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2009-1154"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1022756",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1022756"
            },
            {
              "name": "20090818 Cisco IOS XR Software Border Gateway Protocol Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "MULTIPLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:M/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.4,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2009-08-21T17:30Z",
      "publishedDate": "2009-08-21T17:30Z"
    }
  }
}

ghsa-6qm4-24f4-g249

Vulnerability from github

Published

2022-05-02 03:22

Modified

2022-05-02 03:22

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-1154"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-08-21T17:30:00Z",
    "severity": "LOW"
  },
  "details": "Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute.",
  "id": "GHSA-6qm4-24f4-g249",
  "modified": "2022-05-02T03:22:12Z",
  "published": "2022-05-02T03:22:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1154"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1022756"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2009-1154

Vulnerability from fkie_nvd

Published

2009-08-21 17:30

Modified

2024-11-21 01:01

Severity ?

Summary

References

URL	Tags
ykramarz@cisco.com	http://securitytracker.com/id?1022756
ykramarz@cisco.com	http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1022756
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	ios_xr	*
cisco	ios_xr	3.4
cisco	ios_xr	3.4.0
cisco	ios_xr	3.4.1
cisco	ios_xr	3.4.2
cisco	ios_xr	3.4.3
cisco	ios_xr	3.5
cisco	ios_xr	3.5.2
cisco	ios_xr	3.5.3
cisco	ios_xr	3.5.4
cisco	ios_xr	3.6.0
cisco	ios_xr	3.6.1
cisco	ios_xr	3.6.2
cisco	ios_xr	3.6.3
cisco	ios_xr	3.7.0
cisco	ios_xr	3.7.1
cisco	ios_xr	3.7.2
cisco	ios_xr	3.7.3
cisco	ios_xr	3.8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A71883C-A3DF-4FB3-8BA9-61A0E4DFD2F3",
              "versionEndIncluding": "3.8.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75538529-611A-43B5-AC4D-089C4E2E2ACC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:3.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00DA2581-F618-4F2A-AB65-DA23DF51AF89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:3.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81797938-F953-42BE-B287-AA48B9860AF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:3.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92AED038-C73F-4499-B064-F01D80DB0C64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:3.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB7A249B-AF69-47D0-B6DE-968B4CD0BA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F992D03D-1DB8-44C1-B59D-1C09A32A2C91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:3.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5F15240-6323-4766-801A-D887F3EA8A6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:3.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99DC1CF-78DC-4E59-98BA-DD84702D6467",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:3.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B9FA754-E3D2-4D80-8F4B-41139973D9FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:3.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F497A05C-2FC5-427D-8036-2476ACA956C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2252E7B0-9112-4E9E-8CF4-4EC53C630CFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:3.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1131A524-AA7A-4C94-9FFE-54546EA7D2CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:3.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "46D1A634-D39C-4305-8915-4AA289FB68EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:3.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21BAB799-3150-46D8-AEA3-9FCC73203221",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:3.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "99042285-94AC-4C57-8EAA-EE63C678A94A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:3.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E752AA9-CC1C-44B6-A916-A3C76A57F05C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:3.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "71CBE50E-9BD3-4F74-8C7A-BE4905090EE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:3.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "96F48419-AF66-4B50-ACBF-9E38287A64FA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute."
    },
    {
      "lang": "es",
      "value": "Cisco IOS XR 3.8.1 y versiones anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (caida de proceso) mediante un mensaje BGP UPDATE, como se ha demostrado con un mensaje con muchos n\u00fameros AS en el AS Path Attribute."
    }
  ],
  "id": "CVE-2009-1154",
  "lastModified": "2024-11-21T01:01:47.580",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "MULTIPLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:M/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-08-21T17:30:00.203",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://securitytracker.com/id?1022756"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1022756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2009-1154

Vulnerability from cvelistv5

var-200908-0252

Vulnerability from variot

gsd-2009-1154

Vulnerability from gsd

ghsa-6qm4-24f4-g249

Vulnerability from github

cve-2009-1154

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature