CVE-2019-16018Uncontrolled Resource Consumption in Cisco IOS XR Software

CWE-399CWE-400Uncontrolled Resource Consumption5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
1.9%
top 16.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XR SoftwareCisco IOS XR
Timeline
PublishedJan 26
Latest updateMay 24

Description

A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting fo

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xr_softwareunspecifiedn/a
NVDcisco/ios_xr4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-638h-mp9x-p4wm: A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unaut2022-05-24
CVEList
Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability2020-01-26

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software BGP EVPN Operational Routes Denial of Service Vulnerability2020-01-22
CVE-2019-16018 — Uncontrolled Resource Consumption | cvebase