How to Buy
This script is (C) 2010-2014 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security patch.
Recent versions of Cisco IOS Software support RFC4893 ("BGP Support for
Four-octet AS Number Space") and contain two remote denial of service
(DoS) vulnerabilities when handling specific Border Gateway Protocol
These vulnerabilities affect only devices running Cisco IOS Software
with support for four-octet AS number space (here after referred to as
4-byte AS number) and BGP routing configured.
The first vulnerability could cause an affected device to reload when
processing a BGP update that contains autonomous system (AS) path
segments made up of more than one thousand autonomous systems.
The second vulnerability could cause an affected device to reload when
the affected device processes a malformed BGP update that has been
crafted to trigger the issue.
Cisco has released free software updates to address these
No workarounds are available for the first vulnerability.
A workaround is available for the second vulnerability.
See also :
Apply the relevant patch referenced in Cisco Security Advisory
Risk factor :
High / CVSS Base Score : 7.1
CVSS Temporal Score : 5.9
Public Exploit Available : true
Nessus Plugin ID: 49037 (cisco-sa-20090729-bgphttp.nasl)
Bugtraq ID: 3586035862
CVE ID: CVE-2009-1168CVE-2009-2049
Get Nessus Professional to scan unlimited IPs, run compliance checks & more
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.