CVE-2004-0589

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 11.1(x) through 11.3(x) Cisco IOS versions 12.0(x) through 12.2(x)

Description The issue allows remote attackers to cause a denial of service, resulting in a device reload, via malformed BGP OPEN or UPDATE messages. A Cisco device running IOS and enabled for the Border Gateway Protocol is vulnerable to this attack. The BGP protocol is not enabled by default and must be configured to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet.

Recommendations For Cisco IOS versions 11.1(x) through 11.3(x), update to a version that includes the fix made available by Cisco. For Cisco IOS versions 12.0(x) through 12.2(x), update to a version that includes the fix made available by Cisco. As a temporary workaround, consider restricting BGP traffic to only trusted peers to minimize the risk of exploitation.