Executive Summary

Title Cisco IOS XR Software Border Gateway Protocol Vulnerabilities
Name cisco-sa-20090818-bgp First vendor Publication 2009-08-17
Vendor Cisco Last vendor Modification 2009-08-20
Severity (Vendor) N/A Revision 2.1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Cisco IOS XR Software contains multiple vulnerabilities in the Border Gateway Protocol (BGP) feature. These vulnerabilities include:

* Cisco IOS XR Software will reset a BGP peering session when receiving a specific invalid BGP update. The vulnerability manifests when a BGP peer announces a prefix with a specific invalid attribute. On receipt of this prefix, the Cisco IOS XR device will restart the peering session by sending a notification. The peering session will flap until the sender stops sending the invalid/corrupt update. This vulnerability was disclosed in revision 1.0 of this advisory.

* Cisco IOS XR BGP process will crash when sending a long length BGP update message When Cisco IOS XR sends a long length BGP update message, the BGP process may crash. The number of AS numbers required to exceed the total/maximum length of update message and cause the crash are well above normal limits seen within production environments.

* Cisco IOS XR BGP process will crash when constructing a BGP update with a large number of AS prepends If the Cisco IOS XR BGP process is configured to prepend a very large number of Autonomous System (AS) Numbers to the AS path, the BGP process will crash. The number of AS numbers required to be prepended and cause the crash are well above normal limits seen within production environments.

All three vulnerabilities are different vulnerabilities from what was disclosed in the Cisco Security Advisory "Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities" on the 2009 July 29 1600 UTC at the following link:


Cisco has released a free software maintenance upgrade (SMU) that addresses these vulnerabilities.

Workarounds that mitigates these vulnerabilities are available.

Original Source

Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080af (...)

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-264 Permissions, Privileges, and Access Controls
33 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
33 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

Os 51

Open Source Vulnerability Database (OSVDB)

Id Description
57504 Cisco IOS XR Crafted BGP UPDATE Message Authenticated Remote DoS

57503 Cisco IOS XR BGP UPDATE Message AS Number Handling Remote DoS

57259 Cisco IOS XR Invalid BGP UPDATE Attribute Remote DoS