Vulnerabilities > Cisco > IOS XR > 3.8.1

DATE CVE VULNERABILITY TITLE RISK
2010-08-30 CVE-2010-3035 Improper Input Validation vulnerability in Cisco IOS XR
Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211.
network
low complexity
cisco CWE-20
5.0
5.0
2009-08-21 CVE-2009-2056 Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XR
Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path.
network
low complexity
cisco CWE-264
3.3
3.3
2009-08-21 CVE-2009-1154 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS XR
Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute.
network
low complexity
cisco CWE-119
3.3
3.3
2009-08-19 CVE-2009-2055 Improper Input Validation vulnerability in Cisco IOS XR
Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.
network
cisco CWE-20
4.3
4.3