CVE-2019-1749: Improper Input Validation in Cisco IOS XE Software

Severity
7.4 HIGH (NVD)
EPSS
0.4%
top 40.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 28
Latest update: May 13

Description

A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) could allow an unauthenticated, adjacent attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the software insufficiently validates ingress traffic on the ASIC used on the RSP3 platform. An attacker could exploit this vulnerability by sending a malformed OSPF ver

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 4.0

Affected Packages (2 packages)

CVEListV5: cisco/cisco_ios_xe_software (49 versions)
NVD: cisco/ios_xe (48 versions)

Patches

🔴Vulnerability Details

2
GHSA
GHSA-6v8f-xrrm-w3x9: A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (R | 2022-05-13
CVEList
Cisco Aggregation Services Router 900 Route Switch Processor 3 OSPFv2 Denial of Service Vulnerability | 2019-03-27

📋Vendor Advisories

1
Cisco
Cisco Aggregation Services Router 900 Route Switch Processor 3 OSPFv2 Denial of Service Vulnerability | 2019-03-27

💬Community

2
Bugzilla
CVE-2019-3885 pacemaker: Information disclosure through use-after-free | 2019-04-01
Bugzilla
CVE-2018-16878 pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS | 2018-12-10