Vulnerabilities > Cisco > IOS XR > 3.4.2

DATE CVE VULNERABILITY TITLE RISK
2009-08-21 CVE-2009-2056 Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XR
Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path.
network
low complexity
cisco CWE-264
3.3
3.3
2009-08-21 CVE-2009-1154 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS XR
Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute.
network
low complexity
cisco CWE-119
3.3
3.3
2009-08-19 CVE-2009-2055 Improper Input Validation vulnerability in Cisco IOS XR
Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.
network
cisco CWE-20
4.3
4.3