var-200908-0252
Vulnerability from variot
Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute. An attacker can exploit this issue to cause the BGP process to crash, creating a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCtb05382. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. The number of AS numbers must exceed the full or maximum length of the update message to trigger this vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200908-0252",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios xr",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "3.5.4"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "3.5.3"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "3.5.2"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "3.4.3"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "3.4.2"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "3.4.1"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "3.4"
},
{
"model": "ios xr",
"scope": "lte",
"trust": 1.8,
"vendor": "cisco",
"version": "3.8.1"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.4.0"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.6.0"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.5"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "3.7.3"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "3.7.2"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "3.7.1"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "3.6.3"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "3.6.2"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "3.6.1"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.8.0"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7.0"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.8.1"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.8"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.7"
},
{
"model": "ios xr",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.6"
}
],
"sources": [
{
"db": "BID",
"id": "36092"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002660"
},
{
"db": "NVD",
"id": "CVE-2009-1154"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-327"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.8.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xr:3.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-1154"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Security bulletin",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200908-327"
}
],
"trust": 0.6
},
"cve": "CVE-2009-1154",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Multiple",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 3.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2009-1154",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.4,
"id": "VHN-38600",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:M/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-1154",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-200908-327",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-38600",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-38600"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002660"
},
{
"db": "NVD",
"id": "CVE-2009-1154"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-327"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute. \nAn attacker can exploit this issue to cause the BGP process to crash, creating a denial-of-service condition. \nThis issue is being tracked by Cisco Bug ID CSCtb05382. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. The number of AS numbers must exceed the full or maximum length of the update message to trigger this vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-1154"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002660"
},
{
"db": "BID",
"id": "36092"
},
{
"db": "VULHUB",
"id": "VHN-38600"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-1154",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1022756",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002660",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200908-327",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20090818 CISCO IOS XR SOFTWARE BORDER GATEWAY PROTOCOL VULNERABILITY",
"trust": 0.6
},
{
"db": "BID",
"id": "36092",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-38600",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-38600"
},
{
"db": "BID",
"id": "36092"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002660"
},
{
"db": "NVD",
"id": "CVE-2009-1154"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-327"
}
]
},
"id": "VAR-200908-0252",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-38600"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:31:43.146000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20090818-bgp",
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20090818-bgp.shtml"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002660"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-38600"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002660"
},
{
"db": "NVD",
"id": "CVE-2009-1154"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://securitytracker.com/id?1022756"
},
{
"trust": 2.0,
"url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080af150f.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1154"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1154"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-38600"
},
{
"db": "BID",
"id": "36092"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002660"
},
{
"db": "NVD",
"id": "CVE-2009-1154"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-327"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-38600"
},
{
"db": "BID",
"id": "36092"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002660"
},
{
"db": "NVD",
"id": "CVE-2009-1154"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-327"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-08-21T00:00:00",
"db": "VULHUB",
"id": "VHN-38600"
},
{
"date": "2009-08-20T00:00:00",
"db": "BID",
"id": "36092"
},
{
"date": "2011-06-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002660"
},
{
"date": "2009-08-21T17:30:00.203000",
"db": "NVD",
"id": "CVE-2009-1154"
},
{
"date": "2009-08-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200908-327"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-08-21T00:00:00",
"db": "VULHUB",
"id": "VHN-38600"
},
{
"date": "2009-08-24T15:32:00",
"db": "BID",
"id": "36092"
},
{
"date": "2011-06-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002660"
},
{
"date": "2009-08-21T17:30:00.203000",
"db": "NVD",
"id": "CVE-2009-1154"
},
{
"date": "2009-08-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200908-327"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200908-327"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOS XR Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002660"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200908-327"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.