ID

VAR-201904-0246


CVE

CVE-2019-1711


TITLE

Cisco IOS XR Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003478

DESCRIPTION

A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by repeatedly sending unauthenticated gRPC requests to the affected device. A successful exploit could cause the emsd process to crash, resulting in a DoS condition. Resolved in Cisco IOS XR 6.5.1 and later. Cisco IOS XR Software contains an input validation vulnerability. The device may be put into a service operation interruption (DoS) state. This issue is being tracked by Cisco Bug ID CSCve12615. The vulnerability stems from the network system or product not correctly validating the input data. Do the correct validation

Trust: 1.98

sources: NVD: CVE-2019-1711 // JVNDB: JVNDB-2019-003478 // BID: 108017 // VULHUB: VHN-149323

AFFECTED PRODUCTS

vendor: cisco, model: ios xr, scope: gte, version: 6.1.0

Trust: 1.0

vendor: cisco, model: ios xr, scope: lt, version: 6.5.1

Trust: 1.0

vendor: cisco, model: ios xr, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ios xr software, scope: eq, version: 6.1.4

Trust: 0.3

vendor: cisco, model: ios xr software, scope: eq, version: 6.1.2

Trust: 0.3

vendor: cisco, model: ios xr software, scope: eq, version: 6.1.1

Trust: 0.3

vendor: cisco, model: carrier routing system, scope: eq, version: -

Trust: 0.3

vendor: cisco, model: ios xr software, scope: ne, version: 6.5.1

Trust: 0.3

sources: BID: 108017 // JVNDB: JVNDB-2019-003478 // NVD: CVE-2019-1711

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1711
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1711
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1711
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-831
value: HIGH

Trust: 0.6

VULHUB: VHN-149323
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1711
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-149323
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1711
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1711
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-149323 // JVNDB: JVNDB-2019-003478 // CNNVD: CNNVD-201904-831 // NVD: CVE-2019-1711 // NVD: CVE-2019-1711

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-149323 // JVNDB: JVNDB-2019-003478 // NVD: CVE-2019-1711

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-831

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201904-831

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003478

PATCH

title: cisco-sa-20190417-ios-xr-dos, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ios-xr-dos

Trust: 0.8

title: Cisco IOS XR input validation error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91666

Trust: 0.6

sources: JVNDB: JVNDB-2019-003478 // CNNVD: CNNVD-201904-831

EXTERNAL IDS

db: NVD, id: CVE-2019-1711

Trust: 2.8

db: BID, id: 108017

Trust: 2.0

db: JVNDB, id: JVNDB-2019-003478

Trust: 0.8

db: CNNVD, id: CNNVD-201904-831

Trust: 0.7

db: AUSCERT, id: ESB-2019.1331.3

Trust: 0.6

db: VULHUB, id: VHN-149323

Trust: 0.1

sources: VULHUB: VHN-149323 // BID: 108017 // JVNDB: JVNDB-2019-003478 // CNNVD: CNNVD-201904-831 // NVD: CVE-2019-1711

REFERENCES

url:http://www.securityfocus.com/bid/108017

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-ios-xr-dos

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1711

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1711

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-asr9k-exr

Trust: 0.6

url:https://www.auscert.org.au/bulletins/79286

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-xr-denial-of-service-via-grpc-29083

Trust: 0.6

sources: VULHUB: VHN-149323 // BID: 108017 // JVNDB: JVNDB-2019-003478 // CNNVD: CNNVD-201904-831 // NVD: CVE-2019-1711

CREDITS

Cisco

Trust: 0.9

sources: BID: 108017 // CNNVD: CNNVD-201904-831

SOURCES

db: VULHUB, id: VHN-149323
db: BID, id: 108017
db: JVNDB, id: JVNDB-2019-003478
db: CNNVD, id: CNNVD-201904-831
db: NVD, id: CVE-2019-1711

LAST UPDATE DATE

2024-08-14T14:56:56.469000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-149323, date: 2019-10-09T00:00:00
db: BID, id: 108017, date: 2019-04-17T00:00:00
db: JVNDB, id: JVNDB-2019-003478, date: 2019-05-17T00:00:00
db: CNNVD, id: CNNVD-201904-831, date: 2019-05-14T00:00:00
db: NVD, id: CVE-2019-1711, date: 2019-10-09T23:47:47.550

SOURCES RELEASE DATE

db: VULHUB, id: VHN-149323, date: 2019-04-17T00:00:00
db: BID, id: 108017, date: 2019-04-17T00:00:00
db: JVNDB, id: JVNDB-2019-003478, date: 2019-05-17T00:00:00
db: CNNVD, id: CNNVD-201904-831, date: 2019-04-17T00:00:00
db: NVD, id: CVE-2019-1711, date: 2019-04-17T22:29:00.437