CVE-2009-2055 - Vulnerability Details

Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is in the KEV database since March 25, 2022.

Exploitation active

Automatable no

Technical Impact partial

Vendors	Products
Cisco	Ios Xr

Configuration 1 [-]

OR	cpe:2.3:o:cisco:ios_xr:3.4:::::::*
	cpe:2.3:o:cisco:ios_xr:3.4.0:::::::*
	cpe:2.3:o:cisco:ios_xr:3.4.1:::::::*
	cpe:2.3:o:cisco:ios_xr:3.4.2:::::::*
	cpe:2.3:o:cisco:ios_xr:3.4.3:::::::*
	cpe:2.3:o:cisco:ios_xr:3.5:::::::*
	cpe:2.3:o:cisco:ios_xr:3.5.2:::::::*
	cpe:2.3:o:cisco:ios_xr:3.5.3:::::::*
	cpe:2.3:o:cisco:ios_xr:3.5.4:::::::*
	cpe:2.3:o:cisco:ios_xr:3.6.0:::::::*
	cpe:2.3:o:cisco:ios_xr:3.6.1:::::::*
	cpe:2.3:o:cisco:ios_xr:3.6.2:::::::*
	cpe:2.3:o:cisco:ios_xr:3.6.3:::::::*
	cpe:2.3:o:cisco:ios_xr:3.7.0:::::::*
	cpe:2.3:o:cisco:ios_xr:3.7.1:::::::*
	cpe:2.3:o:cisco:ios_xr:3.7.2:::::::*
	cpe:2.3:o:cisco:ios_xr:3.7.3:::::::*
	cpe:2.3:o:cisco:ios_xr:3.8.0:::::::*
	cpe:2.3:o:cisco:ios_xr:3.8.1:::::::*

No data.

References

Link	Providers
http://mailman.nanog.org/pipermail/nanog/2009-August/012719.html
http://securitytracker.com/id?1022739
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-2055

History

Wed, 22 Oct 2025 01:15:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-2055

Tue, 21 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-2055

Tue, 21 Oct 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-2055

Fri, 15 Nov 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-03-25'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2009-08-19T17:00:00.000Z

Updated: 2025-10-22T00:05:54.237Z

Reserved: 2009-06-12T00:00:00.000Z

Link: CVE-2009-2055

Vulnrichment

Updated: 2024-08-07T05:36:20.975Z

NVD

Status : Deferred

Published: 2009-08-19T17:30:01.047

Modified: 2025-10-22T01:15:34.683

Link: CVE-2009-2055

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Exploitation active

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object