CVE-2009-1168

Severity

71%

Complexity

86%

Confidentiality

115%

Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (memory corruption and device reload) by using an RFC4271 peer to send an update with a long series of AS numbers, aka Bug ID CSCsy86021.

CVSS 2.0 Base Score 7.1. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C).

Overview

Type

Cisco IOS

First reported 15 years ago

2009-07-30 18:30:00

Last updated 7 years ago

2017-09-29 01:34:00

Affected Software

Cisco IOS 12.0 (32)S12

12.0\(32\)s12

Cisco IOS 12.0 (32)S13

12.0\(32\)s13

Cisco IOS 12.0 (32)SY8

12.0\(32\)sy8

Cisco IOS 12.0 (32)SY9

12.0\(32\)sy9

Cisco IOS 12.0 (33)S3

12.0\(33\)s3

Cisco IOS 12.0 (33)S4

12.0\(33\)s4

Cisco IOS 12.2 (33)SXI1

12.2\(33\)sxi1

Cisco IOS 12.2 (33)SXI2

12.2\(33\)sxi2

Cisco IOS 12.2XNC

12.2xnc

Cisco IOS 12.2XND

12.2xnd

Cisco IOS 12.4 (24)T1

12.4\(24\)t1

Cisco IOS XE 2.3.1t

2.3.1t

Cisco IOS XE 2.4.0

2.4.0

References

36046

20090729 Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities

Patch, Vendor Advisory

35862

1022619

ADV-2009-2082

oval:org.mitre.oval:def:6697

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.