CVE-2019-1910 — Improper Input Validation in Cisco IOS XR Software

CWE-20 — Improper Input Validation6 documents6 sources

Severity

7.4HIGHNVD

EPSS

0.1%

top 67.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XR Software Cisco IOS XR Cisco Carrier Routing System

Timeline

PublishedAug 7

Latest updateMay 24

Description

A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS–IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of crafted IS–IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending a crafted link-state PDU to an affected system to be processed. A succe…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages3 packages

▶CVEListV5cisco/cisco_ios_xr_softwareunspecified — 6.6.3

▶NVDcisco/carrier_routing_system7.0.1

▶NVDcisco/ios_xr< 6.6.3

🔴Vulnerability Details

GHSA

GHSA-25g3-p7c7-27pp: A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Softwar↗2022-05-24

▶

CVEList

Cisco IOS XR Software Intermediate System to Intermediate System Denial of Service Vulnerability↗2019-08-07

▶

💥Exploits & PoCs

Exploit-DB

Webmin 1.910 - 'Package Updates' Remote Command Execution (Metasploit)↗2019-06-11

▶

📋Vendor Advisories

Microsoft

Azure Stack Spoofing Vulnerability↗2019-11-12

▶

Cisco

Cisco IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability↗2019-08-07

▶