CVE-2019-16022Uncontrolled Resource Consumption in Cisco IOS XR Software

CWE-399CWE-400Uncontrolled Resource Consumption4 documents4 sources
Severity
8.6HIGHNVD
EPSS
2.5%
top 14.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XR SoftwareCisco IOS XR
Timeline
PublishedJan 26
Latest updateMay 24

Description

Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A suc

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xr_softwareunspecifiedn/a
NVDcisco/ios_xr4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-3f9h-g4f4-pchh: Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow2022-05-24
CVEList
Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities2020-01-26

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities2020-01-22
CVE-2019-16022 — Uncontrolled Resource Consumption | cvebase