CVE-2019-16019

EPSS 1.31%
Published 23.09.2020 01:15:13
Last modified 21.11.2024 04:29:56
Source psirt@cisco.com
Teams watchlist Login
Open Login

Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.

Affected products Warnungen 0 Metrics 4 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Ios Xr Version6.6.1

Cisco ≫ Ios Xr Version6.6.2

   Cisco ≫ Asr 9000 Version- HwPlatform-
   Cisco ≫ Asr 9000 Version- HwPlatformx64
   Cisco ≫ Asr 9010 Version- HwPlatform-
   Cisco ≫ Asr 9010 Version- HwPlatformx64
   Cisco ≫ Asr 9904 Version- HwPlatform-
   Cisco ≫ Asr 9904 Version- HwPlatformx64
   Cisco ≫ Asr 9910 Version- HwPlatform-
   Cisco ≫ Asr 9910 Version- HwPlatformx64
   Cisco ≫ Asr 9912 Version- HwPlatform-
   Cisco ≫ Asr 9912 Version- HwPlatformx64
   Cisco ≫ Asr 9922 Version- HwPlatform-
   Cisco ≫ Asr 9922 Version- HwPlatformx64
   Cisco ≫ Carrier Routing System Version-
   Cisco ≫ Ios Xrv 9000 Version-
   Cisco ≫ Ncs 5001 Version-
   Cisco ≫ Ncs 5002 Version-
   Cisco ≫ Ncs 5011 Version-
   Cisco ≫ Ncs 540 Version-
   Cisco ≫ Ncs 5500 Version-
   Cisco ≫ Ncs 6000 Version-

Cisco ≫ Ios Xr Version6.6.25

   Cisco ≫ Ncs 540 Version-
   Cisco ≫ Ncs 540l Version-
   Cisco ≫ Ncs 5500 Version-
   Cisco ≫ Ncs 560 Version-

Cisco ≫ Ios Xr Version7.0.1

   Cisco ≫ Asr 9000 Version- HwPlatformx64
   Cisco ≫ Asr 9010 Version- HwPlatformx64
   Cisco ≫ Asr 9904 Version- HwPlatformx64
   Cisco ≫ Asr 9910 Version- HwPlatformx64
   Cisco ≫ Asr 9912 Version- HwPlatformx64
   Cisco ≫ Asr 9922 Version- HwPlatformx64
   Cisco ≫ Ios Xrv 9000 Version-
   Cisco ≫ Ncs 1001 Version-
   Cisco ≫ Ncs 1002 Version-
   Cisco ≫ Ncs 1004 Version-
   Cisco ≫ Ncs 5001 Version-
   Cisco ≫ Ncs 5002 Version-
   Cisco ≫ Ncs 5011 Version-
   Cisco ≫ Ncs 540 Version-
   Cisco ≫ Ncs 540l Version-
   Cisco ≫ Ncs 5500 Version-
   Cisco ≫ Ncs 560 Version-
   Cisco ≫ Ncs 6000 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.31%	0.792

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
psirt@cisco.com	8.6	3.9	4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-16019

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-16019

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-16019

EUVD