Executive Summary

Summary
Title Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities
Informations
Name cisco-sa-20090729-bgp First vendor Publication 2009-06-12
Vendor Cisco Last vendor Modification 2009-07-29
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.1 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Recent versions of Cisco IOS Software support RFC4893 ("BGP Support for Four-octet AS Number Space") and contain two remote denial of service (DoS) vulnerabilities when handling specific Border Gateway Protocol (BGP) updates.

These vulnerabilities affect only devices running Cisco IOS Software with support for four-octet AS number space (here after referred to as 4-byte AS number) and BGP routing configured.

The first vulnerability could cause an affected device to reload when processing a BGP update that contains autonomous system (AS) path segments made up of more than one thousand autonomous systems.

The second vulnerability could cause an affected device to reload when the affected device processes a malformed BGP update that has been crafted to trigger the issue.

Cisco has released free software updates to address these vulnerabilities.

No workarounds are available for the first vulnerability.

A workaround is available for the second vulnerability.

Original Source

Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080ae (...)

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-399 Resource Management Errors
50 % CWE-16 Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:6697
 
Oval ID: oval:org.mitre.oval:def:6697
Title: Cisco IOS Software BGP Routing Dos Vulnerability
Description: Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (memory corruption and device reload) by using an RFC4271 peer to send an update with a long series of AS numbers, aka Bug ID CSCsy86021.
Family: ios Class: vulnerability
Reference(s): CVE-2009-1168
 Version: 5
Platform(s): Cisco IOS
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6853
 
Oval ID: oval:org.mitre.oval:def:6853
Title: Cisco IOS Software BGP Routing Dos Vulnerability
Description: Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1 through 12.2(33)SXI2, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (device reload) by using an RFC4271 peer to send a malformed update, aka Bug ID CSCta33973.
Family: ios Class: vulnerability
Reference(s): CVE-2009-2049
 Version: 5
Platform(s): Cisco IOS
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 11
Os 4

Open Source Vulnerability Database (OSVDB)

Id Description
56705 Cisco IOS Border Gateway Protocol (BGP) Malformed Update Message Remote DoS
56704 Cisco IOS Border Gateway Protocol (BGP) Update Malformed AS Path Segment Remo...

Nessus® Vulnerability Scanner

Date Description
2010-09-01 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20090729-bgphttp.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 10:21:56
  • Multiple Updates
2013-05-11 00:42:35
  • Multiple Updates