Vulnerabilities > Cisco > IOS XR > 3.8.4

DATE CVE VULNERABILITY TITLE RISK
2010-08-30 CVE-2010-3035 Improper Input Validation vulnerability in Cisco IOS XR
Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211.
network
low complexity
cisco CWE-20
5.0
5.0
2009-08-21 CVE-2009-2056 Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XR
Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path.
network
low complexity
cisco CWE-264
3.3
3.3
2009-08-21 CVE-2009-1154 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS XR
Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute.
network
low complexity
cisco CWE-119
3.3
3.3