Sign-up

ID

VAR-201904-0246


CVE

CVE-2019-1711


TITLE

Cisco IOS XR Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003478

DESCRIPTION

A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by repeatedly sending unauthenticated gRPC requests to the affected device. A successful exploit could cause the emsd process to crash, resulting in a DoS condition. Resolved in Cisco IOS XR 6.5.1 and later. Cisco IOS XR The software contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. This issue is being tracked by Cisco Bug ID CSCve12615. The vulnerability stems from the network system or product not correctly validating the input data. Do the correct validation

Trust: 1.98

sources: NVD: CVE-2019-1711 // JVNDB: JVNDB-2019-003478 // BID: 108017 // VULHUB: VHN-149323

AFFECTED PRODUCTS

vendor:ciscomodel:ios xrscope:gteversion:6.1.0

Trust: 1.0

vendor:ciscomodel:ios xrscope:ltversion:6.5.1

Trust: 1.0

vendor:ciscomodel:ios xrscope: - version: -

Trust: 0.8

vendor:ciscomodel:ios xr softwarescope:eqversion:6.1.4

Trust: 0.3

vendor:ciscomodel:ios xr softwarescope:eqversion:6.1.2

Trust: 0.3

vendor:ciscomodel:ios xr softwarescope:eqversion:6.1.1

Trust: 0.3

vendor:ciscomodel:carrier routing systemscope:eqversion: -

Trust: 0.3

vendor:ciscomodel:ios xr softwarescope:neversion:6.5.1

Trust: 0.3

sources: BID: 108017 // JVNDB: JVNDB-2019-003478 // NVD: CVE-2019-1711

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1711
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1711
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1711
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-831
value: HIGH

Trust: 0.6

VULHUB: VHN-149323
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1711
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-149323
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1711
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1711
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-149323 // JVNDB: JVNDB-2019-003478 // CNNVD: CNNVD-201904-831 // NVD: CVE-2019-1711 // NVD: CVE-2019-1711

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-149323 // JVNDB: JVNDB-2019-003478 // NVD: CVE-2019-1711

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-831

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201904-831

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003478

PATCH
title:cisco-sa-20190417-ios-xr-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ios-xr-dos
Trust: 0.8
title:Cisco IOS XR Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91666
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-003478 // 
            
            
            
            CNNVD: CNNVD-201904-831

EXTERNAL IDS
db:NVDid:CVE-2019-1711
Trust: 2.8
db:BIDid:108017
Trust: 2.0
db:JVNDBid:JVNDB-2019-003478
Trust: 0.8
db:CNNVDid:CNNVD-201904-831
Trust: 0.7
db:AUSCERTid:ESB-2019.1331.3
Trust: 0.6
db:VULHUBid:VHN-149323
Trust: 0.1
sources:
            
            
            VULHUB: VHN-149323 // 
            
            
            
            BID: 108017 // 
            
            
            
            JVNDB: JVNDB-2019-003478 // 
            
            
            
            CNNVD: CNNVD-201904-831 // 
            
            
            
            NVD: CVE-2019-1711

REFERENCES
url:http://www.securityfocus.com/bid/108017
Trust: 2.3
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-ios-xr-dos
Trust: 2.0
url:https://nvd.nist.gov/vuln/detail/cve-2019-1711
Trust: 1.4
url:http://www.cisco.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1711
Trust: 0.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-asr9k-exr
Trust: 0.6
url:https://www.auscert.org.au/bulletins/79286
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-ios-xr-denial-of-service-via-grpc-29083
Trust: 0.6
sources:
            
            
            VULHUB: VHN-149323 // 
            
            
            
            BID: 108017 // 
            
            
            
            JVNDB: JVNDB-2019-003478 // 
            
            
            
            CNNVD: CNNVD-201904-831 // 
            
            
            
            NVD: CVE-2019-1711

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 108017 // 
            
            
            
            CNNVD: CNNVD-201904-831

SOURCES
db:VULHUBid:VHN-149323
db:BIDid:108017
db:JVNDBid:JVNDB-2019-003478
db:CNNVDid:CNNVD-201904-831
db:NVDid:CVE-2019-1711

LAST UPDATE DATE
2024-08-14T14:56:56.469000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-149323date:2019-10-09T00:00:00
db:BIDid:108017date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2019-003478date:2019-05-17T00:00:00
db:CNNVDid:CNNVD-201904-831date:2019-05-14T00:00:00
db:NVDid:CVE-2019-1711date:2019-10-09T23:47:47.550

SOURCES RELEASE DATE
db:VULHUBid:VHN-149323date:2019-04-17T00:00:00
db:BIDid:108017date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2019-003478date:2019-05-17T00:00:00
db:CNNVDid:CNNVD-201904-831date:2019-04-17T00:00:00
db:NVDid:CVE-2019-1711date:2019-04-17T22:29:00.437