CVE-2019-16021Cisco IOS XR Software vulnerability

CWE-3994 documents4 sources
Severity
7.5HIGHNVD
EPSS
1.6%
top 18.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XR SoftwareCisco IOS XR
Timeline
PublishedSep 23
Latest updateMay 24

Description

Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A suc

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDcisco/ios_xr4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-w626-fpjc-h33x: Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow2022-05-24
CVEList
Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities2020-09-23

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities2020-01-22
CVE-2019-16021 — Cisco IOS XR Software vulnerability | cvebase