Sign-up

ID

VAR-200908-0261


CVE

CVE-2009-2056


TITLE

Cisco IOS XR Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2009-002679

DESCRIPTION

Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path. Cisco IOS XR Is AS Service operation disruption due to incomplete number-related processing (DoS) There is a vulnerability that becomes a condition.Service disruption by remotely authenticated user (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause the BGP process to crash, creating a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCtb12726. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. Both the number of AS numbers required to prepend and the resulting crashes exceeded normal limits in a production environment. When the BGP process of an affected device crashes due to such an oversized AS path forwarding, no log message is generated before the crash

Trust: 1.98

sources: NVD: CVE-2009-2056 // JVNDB: JVNDB-2009-002679 // BID: 36093 // VULHUB: VHN-39502

AFFECTED PRODUCTS

vendor:ciscomodel:ios xrscope:eqversion:3.7.3

Trust: 1.9

vendor:ciscomodel:ios xrscope:eqversion:3.7.2

Trust: 1.9

vendor:ciscomodel:ios xrscope:eqversion:3.7.1

Trust: 1.9

vendor:ciscomodel:ios xrscope:eqversion:3.6.3

Trust: 1.9

vendor:ciscomodel:ios xrscope:eqversion:3.6.2

Trust: 1.9

vendor:ciscomodel:ios xrscope:eqversion:3.6.1

Trust: 1.9

vendor:ciscomodel:ios xrscope:eqversion:3.6

Trust: 1.9

vendor:ciscomodel:ios xrscope:eqversion:3.7.0

Trust: 1.6

vendor:ciscomodel:ios xrscope:eqversion:3.5

Trust: 1.6

vendor:ciscomodel:ios xrscope:eqversion:3.6.0

Trust: 1.6

vendor:ciscomodel:ios xrscope:eqversion:3.7

Trust: 1.3

vendor:ciscomodel:ios xrscope:eqversion:3.5.4

Trust: 1.3

vendor:ciscomodel:ios xrscope:eqversion:3.5.3

Trust: 1.3

vendor:ciscomodel:ios xrscope:eqversion:3.5.2

Trust: 1.3

vendor:ciscomodel:ios xrscope:eqversion:3.4.3

Trust: 1.3

vendor:ciscomodel:ios xrscope:eqversion:3.4.2

Trust: 1.3

vendor:ciscomodel:ios xrscope:eqversion:3.4.1

Trust: 1.3

vendor:ciscomodel:ios xrscope:eqversion:3.4

Trust: 1.3

vendor:ciscomodel:ios xrscope:eqversion:3.2.4

Trust: 1.0

vendor:ciscomodel:ios xrscope:eqversion:3.0.1

Trust: 1.0

vendor:ciscomodel:ios xrscope:eqversion:3.2.50

Trust: 1.0

vendor:ciscomodel:ios xrscope:eqversion:3.8.0

Trust: 1.0

vendor:ciscomodel:ios xrscope:eqversion:3.1.0

Trust: 1.0

vendor:ciscomodel:ios xrscope:lteversion:3.8.1

Trust: 1.0

vendor:ciscomodel:ios xrscope:eqversion:3.0

Trust: 1.0

vendor:ciscomodel:ios xrscope:eqversion:3.2

Trust: 1.0

vendor:ciscomodel:ios xrscope:eqversion:3.1

Trust: 1.0

vendor:ciscomodel:ios xrscope:eqversion:3.3

Trust: 1.0

vendor:ciscomodel:ios xrscope:eqversion:3.2.2

Trust: 1.0

vendor:ciscomodel:ios xrscope:eqversion:3.2.1

Trust: 1.0

vendor:ciscomodel:ios xrscope:eqversion:3.2.3

Trust: 1.0

vendor:ciscomodel:ios xrscope:eqversion:3.4.0

Trust: 1.0

vendor:ciscomodel:ios xrscope:ltversion:3.8.1

Trust: 0.8

vendor:ciscomodel:ios xrscope:eqversion:3.8.1

Trust: 0.3

vendor:ciscomodel:ios xrscope:eqversion:3.8

Trust: 0.3

sources: BID: 36093 // JVNDB: JVNDB-2009-002679 // CNNVD: CNNVD-200908-340 // NVD: CVE-2009-2056

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-2056
value: LOW

Trust: 1.0

NVD: CVE-2009-2056
value: LOW

Trust: 0.8

CNNVD: CNNVD-200908-340
value: LOW

Trust: 0.6

VULHUB: VHN-39502
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2009-2056
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-39502
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-39502 // JVNDB: JVNDB-2009-002679 // CNNVD: CNNVD-200908-340 // NVD: CVE-2009-2056

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-39502 // JVNDB: JVNDB-2009-002679 // NVD: CVE-2009-2056

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200908-340

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200908-340

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2009-002679

PATCH
title:cisco-sa-20090818-bgp.shtmlurl:http://www.cisco.com/warp/public/707/cisco-sa-20090818-bgp.shtml
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2009-002679

EXTERNAL IDS
db:NVDid:CVE-2009-2056
Trust: 2.8
db:SECTRACKid:1022756
Trust: 2.5
db:JVNDBid:JVNDB-2009-002679
Trust: 0.8
db:CNNVDid:CNNVD-200908-340
Trust: 0.7
db:CISCOid:20090818 CISCO IOS XR SOFTWARE BORDER GATEWAY PROTOCOL VULNERABILITY
Trust: 0.6
db:BIDid:36093
Trust: 0.4
db:VULHUBid:VHN-39502
Trust: 0.1
sources:
            
            
            VULHUB: VHN-39502 // 
            
            
            
            BID: 36093 // 
            
            
            
            JVNDB: JVNDB-2009-002679 // 
            
            
            
            CNNVD: CNNVD-200908-340 // 
            
            
            
            NVD: CVE-2009-2056

REFERENCES
url:http://securitytracker.com/id?1022756
Trust: 2.5
url:http://www.cisco.com/en/us/products/products_security_advisory09186a0080af150f.shtml
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2056
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2056
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-39502 // 
            
            
            
            BID: 36093 // 
            
            
            
            JVNDB: JVNDB-2009-002679 // 
            
            
            
            CNNVD: CNNVD-200908-340 // 
            
            
            
            NVD: CVE-2009-2056

CREDITS
Cisco Security bulletin
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200908-340

SOURCES
db:VULHUBid:VHN-39502
db:BIDid:36093
db:JVNDBid:JVNDB-2009-002679
db:CNNVDid:CNNVD-200908-340
db:NVDid:CVE-2009-2056

LAST UPDATE DATE
2024-11-23T22:27:52.328000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-39502date:2009-08-21T00:00:00
db:BIDid:36093date:2009-08-24T15:32:00
db:JVNDBid:JVNDB-2009-002679date:2011-06-15T00:00:00
db:CNNVDid:CNNVD-200908-340date:2009-08-21T00:00:00
db:NVDid:CVE-2009-2056date:2024-11-21T01:04:01.500

SOURCES RELEASE DATE
db:VULHUBid:VHN-39502date:2009-08-21T00:00:00
db:BIDid:36093date:2009-08-20T00:00:00
db:JVNDBid:JVNDB-2009-002679date:2011-06-15T00:00:00
db:CNNVDid:CNNVD-200908-340date:2009-08-21T00:00:00
db:NVDid:CVE-2009-2056date:2009-08-21T17:30:00.297