Details of VAR-201904-0247

ID

VAR-201904-0247

CVE

CVE-2019-1712

TITLE

Cisco IOS XR Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003474

DESCRIPTION

A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the PIM process to restart, resulting in a denial of service condition on an affected device. The vulnerability is due to the incorrect processing of crafted AutoRP packets. An attacker could exploit this vulnerability by sending crafted packets to port UDP 496 on a reachable IP address on the device. A successful exploit could allow the attacker to cause the PIM process to restart. Software versions prior to 6.2.3, 6.3.2, 6.4.0, and 6.5.1 are affected. Cisco IOS XR The software contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco IOS XR Software is prone to a denial-of-service vulnerability. This issue is being tracked by Cisco Bug ID CSCvg43676. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 2.07

sources: NVD: CVE-2019-1712 // JVNDB: JVNDB-2019-003474 // BID: 108025 // VULHUB: VHN-149334 // VULMON: CVE-2019-1712

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xr	scope:	lt	version:	6.2.3	Trust: 1.8
vendor:	cisco	model:	ios xr	scope:	lt	version:	6.3.2	Trust: 1.8
vendor:	cisco	model:	ios xr	scope:	lt	version:	6.4.0	Trust: 1.8
vendor:	cisco	model:	ios xr	scope:	lt	version:	6.5.1	Trust: 1.8
vendor:	cisco	model:	ios xr	scope:	gte	version:	6.3.3	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	gte	version:	6.4.1	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	gte	version:	6.2.25	Trust: 1.0
vendor:	cisco	model:	ios xr software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	asr series aggregation services routers 6.2.3.mcast	scope:	eq	version:	9000	Trust: 0.3

sources: BID: 108025 // JVNDB: JVNDB-2019-003474 // NVD: CVE-2019-1712

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1712
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1712
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-1712
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201904-832
value:	HIGH
Trust: 0.6
VULHUB:	VHN-149334
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-1712
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1712
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-149334
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1712
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8
ykramarz@cisco.com:	CVE-2019-1712
baseSeverity:	MEDIUM
baseScore:	5.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-149334 // VULMON: CVE-2019-1712 // JVNDB: JVNDB-2019-003474 // CNNVD: CNNVD-201904-832 // NVD: CVE-2019-1712 // NVD: CVE-2019-1712

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-149334 // JVNDB: JVNDB-2019-003474 // NVD: CVE-2019-1712

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-832

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201904-832

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003474

PATCH

title:	cisco-sa-20190417-iosxr-pim-dos	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-iosxr-pim-dos	Trust: 0.8
title:	Cisco IOS XR Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91667	Trust: 0.6
title:	Cisco: Cisco IOS XR Software Protocol Independent Multicast Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190417-iosxr-pim-dos	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/cisco_high-severity_bug/144410/	Trust: 0.1

sources: VULMON: CVE-2019-1712 // JVNDB: JVNDB-2019-003474 // CNNVD: CNNVD-201904-832

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1712	Trust: 2.9
db:	BID	id:	108025	Trust: 2.1
db:	JVNDB	id:	JVNDB-2019-003474	Trust: 0.8
db:	CNNVD	id:	CNNVD-201904-832	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1331.3	Trust: 0.6
db:	VULHUB	id:	VHN-149334	Trust: 0.1
db:	VULMON	id:	CVE-2019-1712	Trust: 0.1

sources: VULHUB: VHN-149334 // VULMON: CVE-2019-1712 // BID: 108025 // JVNDB: JVNDB-2019-003474 // CNNVD: CNNVD-201904-832 // NVD: CVE-2019-1712

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-iosxr-pim-dos	Trust: 2.8
url:	http://www.securityfocus.com/bid/108025	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1712	Trust: 1.4
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1712	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-asr9k-exr	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/79286	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-ios-xr-denial-of-service-via-pim-29084	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/cisco_high-severity_bug/144410/	Trust: 0.1

sources: VULHUB: VHN-149334 // VULMON: CVE-2019-1712 // BID: 108025 // JVNDB: JVNDB-2019-003474 // CNNVD: CNNVD-201904-832 // NVD: CVE-2019-1712

CREDITS

Cisco

Trust: 0.9

sources: BID: 108025 // CNNVD: CNNVD-201904-832

SOURCES

db:	VULHUB	id:	VHN-149334
db:	VULMON	id:	CVE-2019-1712
db:	BID	id:	108025
db:	JVNDB	id:	JVNDB-2019-003474
db:	CNNVD	id:	CNNVD-201904-832
db:	NVD	id:	CVE-2019-1712

LAST UPDATE DATE

2024-08-14T14:56:56.501000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-149334	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2019-1712	date:	2019-10-09T00:00:00
db:	BID	id:	108025	date:	2019-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-003474	date:	2019-05-17T00:00:00
db:	CNNVD	id:	CNNVD-201904-832	date:	2019-05-14T00:00:00
db:	NVD	id:	CVE-2019-1712	date:	2019-10-09T23:47:47.690

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-149334	date:	2019-04-17T00:00:00
db:	VULMON	id:	CVE-2019-1712	date:	2019-04-17T00:00:00
db:	BID	id:	108025	date:	2019-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-003474	date:	2019-05-17T00:00:00
db:	CNNVD	id:	CNNVD-201904-832	date:	2019-04-17T00:00:00
db:	NVD	id:	CVE-2019-1712	date:	2019-04-17T22:29:00.483