CVE-2019-15989Improper Check for Unusual or Exceptional Conditions in Cisco IOS XR Software

CWE-754Improper Check for Unusual or Exceptional Conditions4 documents4 sources
Severity
8.6HIGHNVD
EPSS
2.5%
top 14.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XR SoftwareCisco IOS XR
Timeline
PublishedJan 26
Latest updateMay 24

Description

A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains a specific BGP attribute. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xr_softwareunspecifiedn/a
NVDcisco/ios_xr4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-gmrf-44g4-wc8m: A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remo2022-05-24
CVEList
Cisco IOS XR Software Border Gateway Protocol Attribute Denial of Service Vulnerability2020-01-26

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software Border Gateway Protocol Attribute Denial of Service Vulnerability2020-01-22
CVE-2019-15989 — Cisco IOS XR Software vulnerability | cvebase