CVE-2019-1761 — Improper Initialization in Cisco IOS AND IOS XE Software

CWE-665 — Improper Initialization6 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 77.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS AND IOS XE Software Cisco IOS Cisco IOS XE

Timeline

PublishedMar 28

Latest updateMay 13

Description

A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker could exploit this vulnerability by receiving HSRPv2 traffic from an adjacent HSRP member. A successful exploit could allow the attacker to receive potentially sensitive information from the adjacent dev…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5cisco/cisco_ios_and_ios_xe_software272 versions+271

▶NVDcisco/ios1490 versions+1489

▶NVDcisco/ios_xe271 versions+270

Patches

Patch: tools.cisco.com ↗Patch: tools.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-ww5w-rpfr-5qgm: A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker↗2022-05-13

▶

CVEList

Cisco IOS and IOS XE Software Hot Standby Router Protocol Information Leak Vulnerability↗2019-03-28

▶

📋Vendor Advisories

Cisco

Cisco IOS and IOS XE Software Hot Standby Router Protocol Information Leak Vulnerability↗2019-03-27

▶