CVE-2019-1849Improper Check for Unusual or Exceptional Conditions in Cisco IOS XR Software

CWE-754Improper Check for Unusual or Exceptional Conditions4 documents4 sources
Severity
6.5MEDIUMNVD
CNA7.4
EPSS
0.1%
top 67.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XR SoftwareCisco IOS XR
Timeline
PublishedMay 16
Latest updateMay 24

Description

A vulnerability in the Border Gateway Patrol (BGP) Multiprotocol Label Switching (MPLS)-based Ethernet VPN (EVPN) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to a logic error that occurs when the affected software processes specific EVPN routing information. An attacker could exploit this vulnerability by injecting malicious traffic patterns into the target

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xr_softwareunspecifiedn/a
NVDcisco/ios_xr6.1.06.3.3+3

🔴Vulnerability Details

2
GHSA
GHSA-3r3r-w8v7-6jqq: A vulnerability in the Border Gateway Patrol (BGP) Multiprotocol Label Switching (MPLS)-based Ethernet VPN (EVPN) implementation of Cisco IOS XR Softw2022-05-24
CVEList
Cisco IOS XR Software BGP MPLS-Based EVPN Denial of Service Vulnerability2019-05-16

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software BGP MPLS-Based EVPN Denial of Service Vulnerability2019-05-15
CVE-2019-1849 — Cisco IOS XR Software vulnerability | cvebase