CVE-2009-1154

Name of the Vulnerable Software and Affected Versions Cisco IOS XR versions 3.8.1 and earlier

Description The issue allows remote attackers to cause a denial of service via a long BGP UPDATE message. Specifically, when a BGP peer announces a prefix with a specific invalid attribute, the Cisco IOS XR device will restart the peering session. Additionally, the BGP process may crash when sending a long length BGP update message or when constructing a BGP update with a large number of AS prepends.

Recommendations For Cisco IOS XR versions 3.8.1 and earlier, apply the free software maintenance upgrade (SMU) released by Cisco to address these vulnerabilities. As a temporary workaround, consider restricting the length of BGP update messages and the number of AS prepends to prevent the BGP process from crashing. Avoid using the AS Path Attribute with many AS numbers in the BGP UPDATE message until the issue is resolved.