PT-2010-4507 · Cisco · Cisco IOS XR

Published 2010-08-27 · Updated 2024-12-19 · CVE-2010-3035

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Cisco IOS XR versions 3.4.0 through 3.9.1

Description

The issue arises when Cisco IOS XR does not properly handle unrecognized transitive attributes in BGP, allowing remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement. This has been demonstrated in the wild with attribute type code 99. The vulnerability manifests when a BGP peer announces a prefix with a specific, valid but unrecognized transitive attribute, causing the Cisco IOS XR device to corrupt the attribute before sending it to neighboring devices, which may then reset the BGP peering session.

Recommendations

For Cisco IOS XR versions 3.4.0 through 3.9.1, update to a version that includes the fix for this issue, as Cisco has released software updates that address this vulnerability. As a temporary workaround, consider restricting the handling of unrecognized transitive attributes in BGP to minimize the risk of exploitation.
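
A defensive check for the condition in the description, as an added example (not code from this advisory or from Cisco): it parses the path attributes of a BGP UPDATE per RFC 4271 and lists optional transitive attributes whose type code is outside a known set. `KNOWN_TYPES`, the function names and the sample message are assumptions constructed for illustration.

```python
import struct

# Attribute flag bits (RFC 4271, section 4.3)
OPTIONAL, TRANSITIVE, PARTIAL, EXT_LEN = 0x80, 0x40, 0x20, 0x10
# Assumption: type codes the local BGP speakers implement; adjust per platform.
KNOWN_TYPES = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14, 15, 16, 17, 18}

def parse_path_attributes(update: bytes):
    """Return [(flags, type_code, value)] for one complete BGP UPDATE message."""
    if len(update) < 23 or update[18] != 2 or struct.unpack_from("!H", update, 16)[0] != len(update):
        raise ValueError("not a single complete UPDATE")
    (withdrawn_len,) = struct.unpack_from("!H", update, 19)
    pos = 21 + withdrawn_len
    if pos + 2 > len(update):
        raise ValueError("withdrawn routes overrun the message")
    (attrs_len,) = struct.unpack_from("!H", update, pos)
    pos += 2
    end = pos + attrs_len
    if end > len(update):
        raise ValueError("path attributes overrun the message")
    attrs = []
    while pos < end:
        flags = update[pos]
        header = 4 if flags & EXT_LEN else 3  # flags + type + 1- or 2-byte length
        if pos + header > end:
            raise ValueError("truncated attribute header")
        code = update[pos + 1]
        alen = struct.unpack_from("!H", update, pos + 2)[0] if flags & EXT_LEN else update[pos + 2]
        pos += header
        if pos + alen > end:
            raise ValueError(f"attribute {code} overruns the attribute block")
        attrs.append((flags, code, update[pos:pos + alen]))
        pos += alen
    return attrs

def unrecognized_transitive(update: bytes):
    """List (type_code, value_length, partial_bit) for unknown optional transitive attributes."""
    return [(code, len(value), bool(flags & PARTIAL))
            for flags, code, value in parse_path_attributes(update)
            if flags & OPTIONAL and flags & TRANSITIVE and code not in KNOWN_TYPES]

def _attr(flags, code, value):
    return bytes([flags, code, len(value)]) + value

# Constructed sample: ORIGIN, AS_PATH, NEXT_HOP, attribute 99, NLRI 203.0.113.0/24
_ATTRS = (_attr(0x40, 1, b"\x00") + _attr(0x40, 2, b"\x02\x01" + struct.pack("!H", 64496))
          + _attr(0x40, 3, bytes([192, 0, 2, 1])) + _attr(0xC0, 99, bytes(4)))
_BODY = struct.pack("!HH", 0, len(_ATTRS)) + _ATTRS + bytes([24, 203, 0, 113])
SAMPLE_UPDATE = b"\xff" * 16 + struct.pack("!HB", 19 + len(_BODY), 2) + _BODY
```

`unrecognized_transitive(SAMPLE_UPDATE)` reports the type 99 attribute; an attribute whose length field no longer matches its block raises `ValueError`, the kind of malformed UPDATE that a strict RFC 4271 receiver answers by closing the session.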

Fix


Related identifiers

CVE-2010-3035

Affected products

Cisco IOS XR