{"vuid":"VU#106392","idnumber":"106392","name":"Cisco IOS vulnerable to DoS via unrecognized transitive attribute in BGP UPDATE","keywords":["Cisco","IOS","BGP","UPDATE","CSCdt79947","NLRI","transitive attribute","router","TLV"],"overview":"There is a denial-of-service vulnerability in several specific but common configurations of Cisco IOS.","clean_desc":"There is a problem involving BGP updates on Cisco routers with BGP4 Prefix Filtering and Inbound Route Maps enabled. A route update with an unrecognized transitive attribute may cause vulnerable routers to crash. This problem does not appear to have been exploited intentionally by attackers, but it has occurred accidentally during normal operation as the result of interaction with another vendor's product. More information on this problem is available from Cisco at: http://www.cisco.com/warp/public/707/ios-bgp-attr-corruption-pub.shtml","impact":"Attackers that are able to send malformed BGP updates can cause vulnerable routers to crash causing network outages. Under certain circumstances, an attacker may be able to use the BGP infrastructure to propogate the bad route update to multiple routers.","resolution":"Cisco has released an advisory that provides a list of affected products, along with instructions for obtaining fixed software. Because there are many possible combinations of hardware and software configurations, the CERT/CC recommends that all users of IOS and software consult the following Cisco Security Advisory: http://www.cisco.com/warp/public/707/ios-bgp-attr-corruption-pub.shtml","workarounds":"","sysaffected":"","thanks":"The CERT/CC would like to thank Cisco Systems for providing a description of this vulnerability and a patch to address it.","author":"This document was written by Ian A. Finlay and is based on information obtained from a Cisco Security Advisory.","public":["http://www.cisco.com/warp/public/707/ios-bgp-attr-corruption-pub.shtml","http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt2/1cdbgp.htm#xtocid124918","http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt2/1cdbgp.htm#xtocid124934","http://www.securityfocus.com/bid/2733"],"cveids":["CVE-2001-0650"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-05-10T17:05:49Z","publicdate":"2001-05-10T00:00:00Z","datefirstpublished":"2001-05-10T21:10:32Z","dateupdated":"2003-04-09T19:33:31Z","revision":28,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"18","cam_exploitation":"0","cam_internetinfrastructure":"20","cam_population":"18","cam_impact":"8","cam_easeofexploitation":"14","cam_attackeraccessrequired":"15","cam_scorecurrent":"21.546","cam_scorecurrentwidelyknown":"22.68","cam_scorecurrentwidelyknownexploited":"34.02","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":21.546,"vulnote":null}