ID

VAR-201903-0560


CVE

CVE-2019-1749


TITLE

Cisco IOS XE Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003039

DESCRIPTION

A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) could allow an unauthenticated, adjacent attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the software insufficiently validates ingress traffic on the ASIC used on the RSP3 platform. An attacker could exploit this vulnerability by sending a malformed OSPF version 2 (OSPFv2) message to an affected device. A successful exploit could allow the attacker to cause a reload of the iosd process, triggering a reload of the affected device and resulting in a DoS condition. Cisco IOS XE Software contains an input validation vulnerability. The device may be put into a service operation interruption (DoS) state. Cisco IOS XE Software is prone to a denial-of-service vulnerability. Cisco ASR 900 is a 900 series Aggregation Services Router produced by Cisco.

Trust: 1.98

sources: NVD: CVE-2019-1749 // JVNDB: JVNDB-2019-003039 // BID: 107615 // VULHUB: VHN-149741

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: eq, version: 3.16.4s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.5.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.18.1isp

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.16.3as

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.7.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.18.1s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.18.0sp

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.6.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.17.4s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.16.0as

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.13.6as

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.16.5as

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1b

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.17.0s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.16.4bs

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.5.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.17.3s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.18.0s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.16.2as

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.18.4sp

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.18.4s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.6.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.16.7s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.18.1hsp

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.16.7bs

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.7.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.5.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.16.8s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.18.1sp

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.6.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.16.4gs

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.18.2sp

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.16.4cs

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.16.4ds

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.18.2s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.18.3sp

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.6.4

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.18.3s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.16.6bs

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.18.1bsp

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.16.1as

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.16.5s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.16.6s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1c

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.18.1gsp

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.16.4es

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.17.1s

Trust: 1.0

vendor: cisco, model: ios xe, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ios xe software, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: asr route switch processor, scope: eq, version: 90030

Trust: 0.3

sources: BID: 107615 // JVNDB: JVNDB-2019-003039 // NVD: CVE-2019-1749

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1749
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1749
value: HIGH

Trust: 1.0

NVD: CVE-2019-1749
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201903-1120
value: HIGH

Trust: 0.6

VULHUB: VHN-149741
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1749
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-149741
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1749
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1749
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-149741 // JVNDB: JVNDB-2019-003039 // CNNVD: CNNVD-201903-1120 // NVD: CVE-2019-1749 // NVD: CVE-2019-1749

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-149741 // JVNDB: JVNDB-2019-003039 // NVD: CVE-2019-1749

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201903-1120

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 107615 // CNNVD: CNNVD-201903-1120

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003039

PATCH

title: cisco-sa-20190327-rsp3-ospf, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-rsp3-ospf

Trust: 0.8

title: Cisco ASR 900 Cisco IOS XE fix for the input validation vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90534

Trust: 0.6

sources: JVNDB: JVNDB-2019-003039 // CNNVD: CNNVD-201903-1120

EXTERNAL IDS

db: NVD, id: CVE-2019-1749

Trust: 2.8

db: BID, id: 107615

Trust: 2.0

db: JVNDB, id: JVNDB-2019-003039

Trust: 0.8

db: CNNVD, id: CNNVD-201903-1120

Trust: 0.7

db: NSFOCUS, id: 43063

Trust: 0.6

db: VULHUB, id: VHN-149741

Trust: 0.1

sources: VULHUB: VHN-149741 // BID: 107615 // JVNDB: JVNDB-2019-003039 // CNNVD: CNNVD-201903-1120 // NVD: CVE-2019-1749

REFERENCES

url:http://www.securityfocus.com/bid/107615

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190327-rsp3-ospf

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1749

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1749

Trust: 0.8

url:http://www.nsfocus.net/vulndb/43063

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-28888

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-149741 // BID: 107615 // JVNDB: JVNDB-2019-003039 // CNNVD: CNNVD-201903-1120 // NVD: CVE-2019-1749

CREDITS

Cisco

Trust: 0.6

sources: CNNVD: CNNVD-201903-1120

SOURCES

db: VULHUB, id: VHN-149741
db: BID, id: 107615
db: JVNDB, id: JVNDB-2019-003039
db: CNNVD, id: CNNVD-201903-1120
db: NVD, id: CVE-2019-1749

LAST UPDATE DATE

2024-08-14T14:19:37.923000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-149741, date: 2019-10-09T00:00:00
db: BID, id: 107615, date: 2019-03-27T00:00:00
db: JVNDB, id: JVNDB-2019-003039, date: 2019-05-07T00:00:00
db: CNNVD, id: CNNVD-201903-1120, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2019-1749, date: 2024-02-07T18:27:39.460

SOURCES RELEASE DATE

db: VULHUB, id: VHN-149741, date: 2019-03-28T00:00:00
db: BID, id: 107615, date: 2019-03-27T00:00:00
db: JVNDB, id: JVNDB-2019-003039, date: 2019-05-07T00:00:00
db: CNNVD, id: CNNVD-201903-1120, date: 2019-03-27T00:00:00
db: NVD, id: CVE-2019-1749, date: 2019-03-28T00:29:00.717