CVE-2019-1846Improper Input Validation in Cisco IOS XR Software

CWE-20Improper Input Validation4 documents4 sources
Severity
7.4HIGHNVD
EPSS
0.1%
top 65.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XR SoftwareCisco IOS XR
Timeline
PublishedMay 16
Latest updateMay 24

Description

A vulnerability in the Multiprotocol Label Switching (MPLS) Operations, Administration, and Maintenance (OAM) implementation of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to the incorrect handling of certain MPLS OAM packets. An attacker could exploit this vulnerability by sending malicious MPLS OAM packets to an affect

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xr_softwareunspecifiedn/a
NVDcisco/ios_xr5.3.3

🔴Vulnerability Details

2
GHSA
GHSA-554h-cqv3-h79q: A vulnerability in the Multiprotocol Label Switching (MPLS) Operations, Administration, and Maintenance (OAM) implementation of Cisco IOS XR Software2022-05-24
CVEList
Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers MPLS OAM Denial of Service Vulnerability2019-05-16

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers MPLS OAM Denial of Service Vulnerability2019-05-15
CVE-2019-1846 — Improper Input Validation in Cisco | cvebase