ID
VAR-201903-0568
CVE
CVE-2019-1760
TITLE
Cisco IOS XE Software input validation vulnerability
Trust: 0.8
DESCRIPTION
A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to the processing of malformed smart probe packets. An attacker could exploit this vulnerability by sending specially crafted smart probe packets at the affected device. A successful exploit could allow the attacker to reload the device, resulting in a denial of service (DoS) attack on an affected system. Cisco IOS XE The software contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco IOS XE Software is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvj55896
Trust: 1.98
AFFECTED PRODUCTS
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.3.5 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.16.4cs | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.7.1b | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.4.1 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.16.7s | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.16.4s | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.5.1b | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.16.5bs | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.5.3 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.16.5as | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.16.6s | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.3.4 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.2.0ja | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.6.3 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.6.2 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.5.2 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.7.1 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.8.1a | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.8.1b | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.16.7bs | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.6.1 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.16.6bs | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.16.4es | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.16.4gs | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.16.7as | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.7.1a | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.16.5s | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.16.4as | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.8.1s | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.8.1c | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.3.5b | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.3.6 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.5.1 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.3.2 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.3.3 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.5.1a | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.16.4bs | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.8.1 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.16.4ds | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.4.2 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.4.3 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | ios xe software | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | cisco | model: | asr series aggregation services routers 15.5 s6.1 | scope: | eq | version: | 1000 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
Input Validation Error
Trust: 0.9
CONFIGURATIONS
PATCH
| title: | cisco-sa-20190327-pfrv3 | url: | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pfrv3 | Trust: 0.8 |
| title: | Cisco IOS XE Enter the fix for the verification vulnerability | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90495 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-1760 | Trust: 2.8 |
| db: | BID | id: | 107611 | Trust: 2.0 |
| db: | JVNDB | id: | JVNDB-2019-003042 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201903-1078 | Trust: 0.7 |
| db: | NSFOCUS | id: | 43608 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-149862 | Trust: 0.1 |
REFERENCES
| url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190327-pfrv3 | Trust: 2.6 |
| url: | http://www.securityfocus.com/bid/107611 | Trust: 2.3 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-1760 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1760 | Trust: 0.8 |
| url: | http://www.nsfocus.net/vulndb/43608 | Trust: 0.6 |
| url: | https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-28888 | Trust: 0.6 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
CREDITS
Cisco ?? ??
Trust: 0.6
SOURCES
| db: | VULHUB | id: | VHN-149862 |
| db: | BID | id: | 107611 |
| db: | JVNDB | id: | JVNDB-2019-003042 |
| db: | CNNVD | id: | CNNVD-201903-1078 |
| db: | NVD | id: | CVE-2019-1760 |
LAST UPDATE DATE
2024-08-14T15:34:03.867000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-149862 | date: | 2019-10-09T00:00:00 |
| db: | BID | id: | 107611 | date: | 2019-03-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-003042 | date: | 2019-05-07T00:00:00 |
| db: | CNNVD | id: | CNNVD-201903-1078 | date: | 2019-10-17T00:00:00 |
| db: | NVD | id: | CVE-2019-1760 | date: | 2019-10-09T23:48:00.300 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-149862 | date: | 2019-03-28T00:00:00 |
| db: | BID | id: | 107611 | date: | 2019-03-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-003042 | date: | 2019-05-07T00:00:00 |
| db: | CNNVD | id: | CNNVD-201903-1078 | date: | 2019-03-27T00:00:00 |
| db: | NVD | id: | CVE-2019-1760 | date: | 2019-03-28T01:29:00.533 |