CVE-2019-1918Improper Input Validation in Cisco IOS XR Software

CWE-20Improper Input ValidationCWE-682Incorrect Calculation4 documents4 sources
Severity
7.4HIGHNVD
EPSS
0.1%
top 75.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco IOS XR SoftwareCisco IOS XRCisco Carrier Routing System
Timeline
PublishedAug 7
Latest updateMay 24

Description

A vulnerability in the implementation of Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of IS–IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending specific link-state PDUs to an affected system to be processed. A successful exploi

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages3 packages

NVDcisco/carrier_routing_system6.5.1, 6.5.3+1
CVEListV5cisco/cisco_ios_xr_softwareunspecifiedn/a
NVDcisco/ios_xr6.5.26.6.3

🔴Vulnerability Details

2
GHSA
GHSA-29rc-5w3j-4hr7: A vulnerability in the implementation of Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software co2022-05-24
CVEList
Cisco IOS XR Software Intermediate System–to–Intermediate System Denial of Service Vulnerability2019-08-07

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability2019-08-07
CVE-2019-1918 — Improper Input Validation in Cisco | cvebase