CVE-2019-1710: Improper Input Validation in Cisco IOS XR Software

Severity: 9.8 CRITICAL (NVD)
EPSS: 1.9% (top 16.82%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 17, latest update May 13

Description

A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM. The vulnerability is due to incorrect isolation of the secondary management interface from internal sysadmin applications. An attacker could exploit this vulnerability by connecting to one of the listening internal applications. A successful exploi

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | cisco/cisco_ios_xr_software | unspecified | 6.5.3 | +1
NVD | cisco/ios_xr | 7.0 | 7.0.1 | +1

🔴 Vulnerability Details (2)

GHSA: GHSA-hj3w-wg7f-x694: A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could (2022-05-13)
CVEList: Cisco IOS XR 64-Bit Software for Cisco ASR 9000 Series Aggregation Services Routers Network Isolation Vulnerability (2019-04-17)

📋 Vendor Advisories (1)

Cisco: Cisco IOS XR 64-Bit Software for Cisco ASR 9000 Series Aggregation Services Routers Network Isolation Vulnerability (2019-04-17)