PT-2009-3727 · Cisco · Cisco IOS, Cisco IOS XE

Published: 2009-07-29 · Updated: 2017-09-29 · CVE-2009-1168

CVSS v2.0: 7.1 High

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Cisco IOS versions 12.0(32)S12 through 12.0(32)S13
Cisco IOS versions 12.0(33)S3 through 12.0(33)S4
Cisco IOS versions 12.0(32)SY8 through 12.0(32)SY9
Cisco IOS version 12.2(33)SXI1
Cisco IOS versions 12.2XNC prior to 12.2(33)XNC2
Cisco IOS versions 12.2XND prior to 12.2(33)XND1
Cisco IOS version 12.4(24)T1
Cisco IOS XE versions 2.3 through 2.3.1t
Cisco IOS XE versions 2.4 through 2.4.0

Description

The issue affects devices running Cisco IOS Software with support for four-octet AS number space and BGP routing configured. Two remote denial of service vulnerabilities exist when handling specific Border Gateway Protocol updates. The first vulnerability could cause an affected device to reload when processing a BGP update containing autonomous system path segments made up of more than one thousand autonomous systems. The second vulnerability could cause an affected device to reload when processing a malformed BGP update crafted to trigger the issue.

Recommendations

For Cisco IOS versions 12.0(32)S12 through 12.0(32)S13, update to a fixed version to address the vulnerabilities.
For Cisco IOS versions 12.0(33)S3 through 12.0(33)S4, update to a fixed version to address the vulnerabilities.
For Cisco IOS versions 12.0(32)SY8 through 12.0(32)SY9, update to a fixed version to address the vulnerabilities.
For Cisco IOS version 12.2(33)SXI1, update to a fixed version to address the vulnerabilities.
For Cisco IOS versions 12.2XNC prior to 12.2(33)XNC2, update to version 12.2(33)XNC2 or later to address the vulnerabilities.
For Cisco IOS versions 12.2XND prior to 12.2(33)XND1, update to version 12.2(33)XND1 or later to address the vulnerabilities.
For Cisco IOS version 12.4(24)T1, update to a fixed version to address the vulnerabilities.
For Cisco IOS XE versions 2.3 through 2.3.1t, update to a fixed version to address the vulnerabilities.
For Cisco IOS XE versions 2.4 through 2.4.0, update to a fixed version to address the vulnerabilities.

As a temporary measure for the second vulnerability, apply the workaround described in the Cisco security advisory.
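
The first vulnerability in the description depends on how many autonomous systems a BGP update's AS path carries. The following added example (not part of this advisory or of Cisco's) counts the ASNs in the AS_PATH/AS4_PATH attributes of a captured UPDATE so that monitoring can flag paths above that threshold; the function names, the `MAX_ASNS` constant and the sample bytes are assumptions constructed here.

```python
AS_PATH, AS4_PATH = 2, 17   # path attribute type codes (RFC 4271, RFC 6793)
EXT_LEN = 0x10              # "Extended Length" attribute flag
MAX_ASNS = 1000             # assumed threshold, taken from the description


def count_segment_asns(value: bytes, asn_size: int) -> int:
    """Sum the AS counts of every segment in one AS_PATH/AS4_PATH value."""
    pos = total = 0
    while pos < len(value):
        if pos + 2 > len(value):
            raise ValueError("truncated segment header")
        seg_len = value[pos + 1]             # ASNs in this segment, at most 255
        pos += 2 + seg_len * asn_size
        if pos > len(value):
            raise ValueError("segment overruns attribute")
        total += seg_len
    return total


def longest_as_path(attrs: bytes, asn_size: int = 4) -> int:
    """Largest AS count across the AS_PATH/AS4_PATH attributes of one UPDATE."""
    pos = worst = 0                          # asn_size: 4 on a four-octet-AS session, else 2
    while pos < len(attrs):
        hdr = 4 if attrs[pos] & EXT_LEN else 3
        if pos + hdr > len(attrs):
            raise ValueError("truncated attribute header")
        code = attrs[pos + 1]
        alen = int.from_bytes(attrs[pos + 2:pos + hdr], "big")
        value = attrs[pos + hdr:pos + hdr + alen]
        if len(value) != alen:
            raise ValueError("truncated attribute value")
        pos += hdr + alen
        if code in (AS_PATH, AS4_PATH):
            size = 4 if code == AS4_PATH else asn_size
            worst = max(worst, count_segment_asns(value, size))
    return worst


def sample_attrs(segments: int, per_segment: int) -> bytes:
    """Constructed input: ORIGIN plus an AS_PATH of AS_SEQUENCE segments."""
    seg = bytes([2, per_segment]) + (64512).to_bytes(4, "big") * per_segment
    path = seg * segments
    origin = bytes([0x40, 1, 1, 0])
    return origin + bytes([0x50, AS_PATH]) + len(path).to_bytes(2, "big") + path


def over_limit(attrs: bytes) -> bool:
    """True when the UPDATE's AS path carries more than MAX_ASNS entries."""
    return longest_as_path(attrs) > MAX_ASNS
```

The count is of raw ASNs in the attribute, which differs from BGP's path-length metric, where an AS_SET counts as one hop.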

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2009-1168

Affected Products

Cisco IOS
Cisco IOS XE