CVE-2019-1760Improper Input Validation in Cisco IOS XE Software

CWE-20Improper Input Validation4 documents4 sources
Severity
5.9MEDIUMNVD
CNA6.8
EPSS
0.4%
top 40.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedMar 28
Latest updateMay 13

Description

A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to the processing of malformed smart probe packets. An attacker could exploit this vulnerability by sending specially crafted smart probe packets at the affected device. A successful exploit could allow the attacker to reload the device, resulting in a denial of service (DoS) attack on an affected system

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xe_software41 versions+40
NVDcisco/ios_xe41 versions+40

Patches

Patch: tools.cisco.comPatch: tools.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-7p5m-79w6-6wjq: A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affecte2022-05-13
CVEList
Cisco IOS XE Software Performance Routing Version 3 Denial of Service Vulnerability2019-03-28

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software Performance Routing Version 3 Denial of Service Vulnerability2019-03-27
CVE-2019-1760 — Improper Input Validation in Cisco | cvebase