ID

VAR-201904-0247


CVE

CVE-2019-1712


TITLE

Cisco IOS XR Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003474

DESCRIPTION

A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the PIM process to restart, resulting in a denial of service condition on an affected device. The vulnerability is due to the incorrect processing of crafted AutoRP packets. An attacker could exploit this vulnerability by sending crafted packets to port UDP 496 on a reachable IP address on the device. A successful exploit could allow the attacker to cause the PIM process to restart. Software versions prior to 6.2.3, 6.3.2, 6.4.0, and 6.5.1 are affected. Cisco IOS XR The software contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco IOS XR Software is prone to a denial-of-service vulnerability. This issue is being tracked by Cisco Bug ID CSCvg43676. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 2.07

sources: NVD: CVE-2019-1712 // JVNDB: JVNDB-2019-003474 // BID: 108025 // VULHUB: VHN-149334 // VULMON: CVE-2019-1712

AFFECTED PRODUCTS

vendor:ciscomodel:ios xrscope:ltversion:6.2.3

Trust: 1.8

vendor:ciscomodel:ios xrscope:ltversion:6.3.2

Trust: 1.8

vendor:ciscomodel:ios xrscope:ltversion:6.4.0

Trust: 1.8

vendor:ciscomodel:ios xrscope:ltversion:6.5.1

Trust: 1.8

vendor:ciscomodel:ios xrscope:gteversion:6.3.3

Trust: 1.0

vendor:ciscomodel:ios xrscope:gteversion:6.2.25

Trust: 1.0

vendor:ciscomodel:ios xrscope:gteversion:6.4.1

Trust: 1.0

vendor:ciscomodel:ios xr softwarescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:asr series aggregation services routers 6.2.3.mcastscope:eqversion:9000

Trust: 0.3

sources: BID: 108025 // JVNDB: JVNDB-2019-003474 // NVD: CVE-2019-1712

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1712
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1712
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1712
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-832
value: HIGH

Trust: 0.6

VULHUB: VHN-149334
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-1712
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1712
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-149334
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1712
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1712
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-149334 // VULMON: CVE-2019-1712 // JVNDB: JVNDB-2019-003474 // CNNVD: CNNVD-201904-832 // NVD: CVE-2019-1712 // NVD: CVE-2019-1712

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-149334 // JVNDB: JVNDB-2019-003474 // NVD: CVE-2019-1712

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-832

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201904-832

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003474

PATCH

title:cisco-sa-20190417-iosxr-pim-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-iosxr-pim-dos

Trust: 0.8

title:Cisco IOS XR Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91667

Trust: 0.6

title:Cisco: Cisco IOS XR Software Protocol Independent Multicast Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190417-iosxr-pim-dos

Trust: 0.1

title:Threatposturl:https://threatpost.com/cisco_high-severity_bug/144410/

Trust: 0.1

sources: VULMON: CVE-2019-1712 // JVNDB: JVNDB-2019-003474 // CNNVD: CNNVD-201904-832

EXTERNAL IDS

db:NVDid:CVE-2019-1712

Trust: 2.9

db:BIDid:108025

Trust: 2.1

db:JVNDBid:JVNDB-2019-003474

Trust: 0.8

db:CNNVDid:CNNVD-201904-832

Trust: 0.7

db:AUSCERTid:ESB-2019.1331.3

Trust: 0.6

db:VULHUBid:VHN-149334

Trust: 0.1

db:VULMONid:CVE-2019-1712

Trust: 0.1

sources: VULHUB: VHN-149334 // VULMON: CVE-2019-1712 // BID: 108025 // JVNDB: JVNDB-2019-003474 // CNNVD: CNNVD-201904-832 // NVD: CVE-2019-1712

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-iosxr-pim-dos

Trust: 2.8

url:http://www.securityfocus.com/bid/108025

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-1712

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1712

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-asr9k-exr

Trust: 0.6

url:https://www.auscert.org.au/bulletins/79286

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-xr-denial-of-service-via-pim-29084

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/cisco_high-severity_bug/144410/

Trust: 0.1

sources: VULHUB: VHN-149334 // VULMON: CVE-2019-1712 // BID: 108025 // JVNDB: JVNDB-2019-003474 // CNNVD: CNNVD-201904-832 // NVD: CVE-2019-1712

CREDITS

Cisco

Trust: 0.9

sources: BID: 108025 // CNNVD: CNNVD-201904-832

SOURCES

db:VULHUBid:VHN-149334
db:VULMONid:CVE-2019-1712
db:BIDid:108025
db:JVNDBid:JVNDB-2019-003474
db:CNNVDid:CNNVD-201904-832
db:NVDid:CVE-2019-1712

LAST UPDATE DATE

2024-11-23T21:37:33.122000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-149334date:2019-10-09T00:00:00
db:VULMONid:CVE-2019-1712date:2019-10-09T00:00:00
db:BIDid:108025date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2019-003474date:2019-05-17T00:00:00
db:CNNVDid:CNNVD-201904-832date:2019-05-14T00:00:00
db:NVDid:CVE-2019-1712date:2024-11-21T04:37:09.430

SOURCES RELEASE DATE

db:VULHUBid:VHN-149334date:2019-04-17T00:00:00
db:VULMONid:CVE-2019-1712date:2019-04-17T00:00:00
db:BIDid:108025date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2019-003474date:2019-05-17T00:00:00
db:CNNVDid:CNNVD-201904-832date:2019-04-17T00:00:00
db:NVDid:CVE-2019-1712date:2019-04-17T22:29:00.483