CVE-2019-1909Improper Input Validation in Cisco IOS XR Software

CWE-20Improper Input Validation6 documents6 sources
Severity
5.9MEDIUMNVD
CNA6.8
EPSS
0.4%
top 36.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XR SoftwareCisco IOS XR
Timeline
PublishedJul 6
Latest updateMay 24

Description

A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update messages that include a specific set of attributes to be processed by an affected system. A successful exploit could allow the

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xr_softwareunspecified6.4.2
NVDcisco/ios_xr4.3.16.6.2

🔴Vulnerability Details

2
GHSA
GHSA-2qrh-hw5v-7wp4: A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote a2022-05-24
CVEList
Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability2019-07-06

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability2019-07-03

🕵️Threat Intelligence

1
Unit42
Threat Brief: Microsoft DNS Server Wormable Vulnerability CVE-2020-13502020-07-21
CVE-2019-1909 — Improper Input Validation in Cisco | cvebase