Lucene search

[email protected]CVE-2019-1749

HistoryMar 28, 2019 - 12:29 a.m.

CVE-2019-1749

2019-03-2800:29:00

CWE-20

[email protected]

web.nvd.nist.gov

cisco

ios xe

asr 900

rsp3

vulnerability

dos

nvd

cve-2019-1749

6.1 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

7.4 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

29.0%

JSON

A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) could allow an unauthenticated, adjacent attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the software insufficiently validates ingress traffic on the ASIC used on the RSP3 platform. An attacker could exploit this vulnerability by sending a malformed OSPF version 2 (OSPFv2) message to an affected device. A successful exploit could allow the attacker to cause a reload of the iosd process, triggering a reload of the affected device and resulting in a DoS condition.

Affected configurations

NVD

Node

ciscoios_xeMatch3.13.6as

ciscoios_xeMatch3.16.0as

ciscoios_xeMatch3.16.1as

ciscoios_xeMatch3.16.2as

ciscoios_xeMatch3.16.3as

ciscoios_xeMatch3.16.4bs

ciscoios_xeMatch3.16.4cs

ciscoios_xeMatch3.16.4ds

ciscoios_xeMatch3.16.4es

ciscoios_xeMatch3.16.4gs

ciscoios_xeMatch3.16.4s

ciscoios_xeMatch3.16.5as

ciscoios_xeMatch3.16.5s

ciscoios_xeMatch3.16.6bs

ciscoios_xeMatch3.16.6s

ciscoios_xeMatch3.16.7bs

ciscoios_xeMatch3.16.7s

ciscoios_xeMatch3.16.8s

ciscoios_xeMatch3.17.0s

ciscoios_xeMatch3.17.1s

ciscoios_xeMatch3.17.3s

ciscoios_xeMatch3.17.4s

ciscoios_xeMatch3.18.0s

ciscoios_xeMatch3.18.0sp

ciscoios_xeMatch3.18.1bsp

ciscoios_xeMatch3.18.1gsp

ciscoios_xeMatch3.18.1hsp

ciscoios_xeMatch3.18.1isp

ciscoios_xeMatch3.18.1s

ciscoios_xeMatch3.18.1sp

ciscoios_xeMatch3.18.2s

ciscoios_xeMatch3.18.2sp

ciscoios_xeMatch3.18.3s

ciscoios_xeMatch3.18.3sp

ciscoios_xeMatch3.18.4s

ciscoios_xeMatch3.18.4sp

ciscoios_xeMatch16.5.1

ciscoios_xeMatch16.5.2

ciscoios_xeMatch16.5.3

ciscoios_xeMatch16.6.1

ciscoios_xeMatch16.6.2

ciscoios_xeMatch16.6.3

ciscoios_xeMatch16.6.4

ciscoios_xeMatch16.7.1

ciscoios_xeMatch16.7.2

ciscoios_xeMatch16.8.1

ciscoios_xeMatch16.8.1b

ciscoios_xeMatch16.8.1c

CPENameOperatorVersion
cisco:ios_xecisco ios xeeq3.13.6as
cisco:ios_xecisco ios xeeq3.16.0as
cisco:ios_xecisco ios xeeq3.16.1as
cisco:ios_xecisco ios xeeq3.16.2as
cisco:ios_xecisco ios xeeq3.16.3as
cisco:ios_xecisco ios xeeq3.16.4bs
cisco:ios_xecisco ios xeeq3.16.4cs
cisco:ios_xecisco ios xeeq3.16.4ds
cisco:ios_xecisco ios xeeq3.16.4es
cisco:ios_xecisco ios xeeq3.16.4gs

CPE	Name	Operator	Version
cisco:ios_xe	cisco ios xe	eq	3.13.6as
cisco:ios_xe	cisco ios xe	eq	3.16.0as
cisco:ios_xe	cisco ios xe	eq	3.16.1as
cisco:ios_xe	cisco ios xe	eq	3.16.2as
cisco:ios_xe	cisco ios xe	eq	3.16.3as
cisco:ios_xe	cisco ios xe	eq	3.16.4bs
cisco:ios_xe	cisco ios xe	eq	3.16.4cs
cisco:ios_xe	cisco ios xe	eq	3.16.4ds
cisco:ios_xe	cisco ios xe	eq	3.16.4es
cisco:ios_xe	cisco ios xe	eq	3.16.4gs

Rows per page:

1-10 of 481

CNA Affected

[
  {
    "product": "Cisco IOS XE Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "3.13.6aS"
      },
      {
        "status": "affected",
        "version": "3.16.0aS"
      },
      {
        "status": "affected",
        "version": "3.16.1aS"
      },
      {
        "status": "affected",
        "version": "3.16.2aS"
      },
      {
        "status": "affected",
        "version": "3.16.3aS"
      },
      {
        "status": "affected",
        "version": "3.16.4S"
      },
      {
        "status": "affected",
        "version": "3.16.4bS"
      },
      {
        "status": "affected",
        "version": "3.16.4gS"
      },
      {
        "status": "affected",
        "version": "3.16.5S"
      },
      {
        "status": "affected",
        "version": "3.16.4cS"
      },
      {
        "status": "affected",
        "version": "3.16.4dS"
      },
      {
        "status": "affected",
        "version": "3.16.4eS"
      },
      {
        "status": "affected",
        "version": "3.16.6S"
      },
      {
        "status": "affected",
        "version": "3.16.5aS"
      },
      {
        "status": "affected",
        "version": "3.16.7S"
      },
      {
        "status": "affected",
        "version": "3.16.6bS"
      },
      {
        "status": "affected",
        "version": "3.16.7bS"
      },
      {
        "status": "affected",
        "version": "3.16.8S"
      },
      {
        "status": "affected",
        "version": "3.17.0S"
      },
      {
        "status": "affected",
        "version": "3.17.1S"
      },
      {
        "status": "affected",
        "version": "3.17.2S"
      },
      {
        "status": "affected",
        "version": "3.17.3S"
      },
      {
        "status": "affected",
        "version": "3.17.4S"
      },
      {
        "status": "affected",
        "version": "16.5.1"
      },
      {
        "status": "affected",
        "version": "16.5.2"
      },
      {
        "status": "affected",
        "version": "16.5.3"
      },
      {
        "status": "affected",
        "version": "3.18.0S"
      },
      {
        "status": "affected",
        "version": "3.18.1S"
      },
      {
        "status": "affected",
        "version": "3.18.2S"
      },
      {
        "status": "affected",
        "version": "3.18.3S"
      },
      {
        "status": "affected",
        "version": "3.18.4S"
      },
      {
        "status": "affected",
        "version": "3.18.0SP"
      },
      {
        "status": "affected",
        "version": "3.18.1SP"
      },
      {
        "status": "affected",
        "version": "3.18.1gSP"
      },
      {
        "status": "affected",
        "version": "3.18.1bSP"
      },
      {
        "status": "affected",
        "version": "3.18.2SP"
      },
      {
        "status": "affected",
        "version": "3.18.1hSP"
      },
      {
        "status": "affected",
        "version": "3.18.1iSP"
      },
      {
        "status": "affected",
        "version": "3.18.3SP"
      },
      {
        "status": "affected",
        "version": "3.18.4SP"
      },
      {
        "status": "affected",
        "version": "16.6.1"
      },
      {
        "status": "affected",
        "version": "16.6.2"
      },
      {
        "status": "affected",
        "version": "16.6.3"
      },
      {
        "status": "affected",
        "version": "16.6.4"
      },
      {
        "status": "affected",
        "version": "16.7.1"
      },
      {
        "status": "affected",
        "version": "16.7.2"
      },
      {
        "status": "affected",
        "version": "16.8.1"
      },
      {
        "status": "affected",
        "version": "16.8.1b"
      },
      {
        "status": "affected",
        "version": "16.8.1c"
      }
    ]
  }
]

References

www.securityfocus.com/bid/107615

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-rsp3-ospf

6.1 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

7.4 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

29.0%

JSON

Related for CVE-2019-1749

cvelist1 nvd1 prion1 nessus1 cisco1