CVE-2019-1760

EPSS 0.37%
Veröffentlicht 28.03.2019 01:29:00
Zuletzt bearbeitet 21.11.2024 04:37:18
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to the processing of malformed smart probe packets. An attacker could exploit this vulnerability by sending specially crafted smart probe packets at the affected device. A successful exploit could allow the attacker to reload the device, resulting in a denial of service (DoS) attack on an affected system.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Ios Xe Version3.2.0ja

Cisco ≫ Ios Xe Version3.16.4as

Cisco ≫ Ios Xe Version3.16.4bs

Cisco ≫ Ios Xe Version3.16.4cs

Cisco ≫ Ios Xe Version3.16.4ds

Cisco ≫ Ios Xe Version3.16.4es

Cisco ≫ Ios Xe Version3.16.4gs

Cisco ≫ Ios Xe Version3.16.4s

Cisco ≫ Ios Xe Version3.16.5as

Cisco ≫ Ios Xe Version3.16.5bs

Cisco ≫ Ios Xe Version3.16.5s

Cisco ≫ Ios Xe Version3.16.6bs

Cisco ≫ Ios Xe Version3.16.6s

Cisco ≫ Ios Xe Version3.16.7as

Cisco ≫ Ios Xe Version3.16.7bs

Cisco ≫ Ios Xe Version3.16.7s

Cisco ≫ Ios Xe Version16.3.2

Cisco ≫ Ios Xe Version16.3.3

Cisco ≫ Ios Xe Version16.3.4

Cisco ≫ Ios Xe Version16.3.5

Cisco ≫ Ios Xe Version16.3.5b

Cisco ≫ Ios Xe Version16.3.6

Cisco ≫ Ios Xe Version16.4.1

Cisco ≫ Ios Xe Version16.4.2

Cisco ≫ Ios Xe Version16.4.3

Cisco ≫ Ios Xe Version16.5.1

Cisco ≫ Ios Xe Version16.5.1a

Cisco ≫ Ios Xe Version16.5.1b

Cisco ≫ Ios Xe Version16.5.2

Cisco ≫ Ios Xe Version16.5.3

Cisco ≫ Ios Xe Version16.6.1

Cisco ≫ Ios Xe Version16.6.2

Cisco ≫ Ios Xe Version16.6.3

Cisco ≫ Ios Xe Version16.7.1

Cisco ≫ Ios Xe Version16.7.1a

Cisco ≫ Ios Xe Version16.7.1b

Cisco ≫ Ios Xe Version16.8.1

Cisco ≫ Ios Xe Version16.8.1a

Cisco ≫ Ios Xe Version16.8.1b

Cisco ≫ Ios Xe Version16.8.1c

Cisco ≫ Ios Xe Version16.8.1s

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.583

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.1	8.6	6.9	AV:N/AC:M/Au:N/C:N/I:N/A:C
psirt@cisco.com	6.8	2.2	4	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/107611

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pfrv3

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-1760

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-1760

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-1760

EUVD