Loading
Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.
Use CWE-20, Cisco vendor hub and Ios Xr product page to widen CVE-2009-2055 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2025-20363, CVE-2025-20138 and CVE-2025-20154 for nearby disclosures in the same product family. Additional editorial context is available in The Weekly Cybersecurity Brief: January 30th, 2026.