8.6

CVE-2019-15989

A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains a specific BGP attribute. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim’s BGP network on an existing, valid TCP connection to a BGP peer.

Data is provided by the National Vulnerability Database (NVD)
Cisco IOS XR, Version 6.6.1
   Cisco ASR 9000v, Version -, HwPlatform x64
   Cisco ASR 9001, Version -, HwPlatform x64
   Cisco ASR 9006, Version -, HwPlatform x64
   Cisco ASR 9010, Version -, HwPlatform x64
   Cisco ASR 9901, Version -, HwPlatform x64
   Cisco ASR 9904, Version -, HwPlatform x64
   Cisco ASR 9906, Version -, HwPlatform x64
   Cisco ASR 9910, Version -, HwPlatform x64
   Cisco ASR 9912, Version -, HwPlatform x64
   Cisco ASR 9922, Version -, HwPlatform x64
   Cisco NCS 540, Version -
   Cisco NCS 5501, Version -
   Cisco NCS 5501-se, Version -
   Cisco NCS 5502, Version -
   Cisco NCS 5502-se, Version -
   Cisco NCS 5508, Version -
   Cisco NCS 5516, Version -
   Cisco NCS 6000, Version -
Cisco IOS XR, Version 6.6.2
   Cisco ASR 9000v, Version -
   Cisco ASR 9000v, Version -, HwPlatform x64
   Cisco ASR 9001, Version -
   Cisco ASR 9001, Version -, HwPlatform x64
   Cisco ASR 9006, Version -
   Cisco ASR 9006, Version -, HwPlatform x64
   Cisco ASR 9010, Version -
   Cisco ASR 9010, Version -, HwPlatform x64
   Cisco ASR 9901, Version -
   Cisco ASR 9901, Version -, HwPlatform x64
   Cisco ASR 9904, Version -
   Cisco ASR 9904, Version -, HwPlatform x64
   Cisco ASR 9906, Version -
   Cisco ASR 9906, Version -, HwPlatform x64
   Cisco ASR 9910, Version -
   Cisco ASR 9910, Version -, HwPlatform x64
   Cisco ASR 9912, Version -
   Cisco ASR 9912, Version -, HwPlatform x64
   Cisco ASR 9922, Version -
   Cisco ASR 9922, Version -, HwPlatform x64
   Cisco CRS, Version -
   Cisco NCS 5501, Version -
   Cisco NCS 5501-se, Version -
   Cisco NCS 5502, Version -
   Cisco NCS 5502-se, Version -
   Cisco NCS 5508, Version -
   Cisco NCS 5516, Version -
   Cisco XRv 9000, Version -
Cisco IOS XR, Version 6.6.25
   Cisco NCS 540, Version -
   Cisco NCS 540l, Version -
   Cisco NCS 5501, Version -
   Cisco NCS 5501-se, Version -
   Cisco NCS 5502, Version -
   Cisco NCS 5502-se, Version -
   Cisco NCS 5508, Version -
   Cisco NCS 5516, Version -
   Cisco NCS 560, Version -
   Cisco NCS 6000, Version -
Cisco IOS XR, Version 7.0.1
   Cisco ASR 9000v, Version -, HwPlatform x64
   Cisco ASR 9001, Version -, HwPlatform x64
   Cisco ASR 9006, Version -, HwPlatform x64
   Cisco ASR 9010, Version -, HwPlatform x64
   Cisco ASR 9901, Version -, HwPlatform x64
   Cisco ASR 9904, Version -, HwPlatform x64
   Cisco ASR 9906, Version -, HwPlatform x64
   Cisco ASR 9910, Version -, HwPlatform x64
   Cisco ASR 9912, Version -, HwPlatform x64
   Cisco ASR 9922, Version -, HwPlatform x64
   Cisco NCS 1001, Version -
   Cisco NCS 1002, Version -
   Cisco NCS 1004, Version -
   Cisco NCS 5001, Version -
   Cisco NCS 5002, Version -
   Cisco NCS 540, Version -
   Cisco NCS 540l, Version -
   Cisco NCS 5501, Version -
   Cisco NCS 5501-se, Version -
   Cisco NCS 5502, Version -
   Cisco NCS 5502-se, Version -
   Cisco NCS 5508, Version -
   Cisco NCS 5516, Version -
   Cisco NCS 560, Version -
   Cisco NCS 6000, Version -
   Cisco XRv 9000, Version -
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.5% | 0.847 |
CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.6 | 3.9 | 4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
| nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| psirt@cisco.com | 8.6 | 3.9 | 4 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.