ID

VAR-201904-0430


CVE

CVE-2019-1686


TITLE

Cisco IOS XR Software access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003481

DESCRIPTION

A vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The vulnerability is due to incorrect processing of the ACL applied to an interface of an affected device when Cisco Express Forwarding load balancing using the 3-tuple hash algorithm is enabled. An attacker could exploit this vulnerability by sending traffic through an affected device that should otherwise be denied by the configured ACL. An exploit could allow the attacker to bypass protection offered by a configured ACL on the affected device. There are workarounds that address this vulnerability. Affected Cisco IOS XR versions are: Cisco IOS XR Software Release 5.1.1 and later till first fixed. First Fixed Releases: 6.5.2 and later, 6.6.1 and later. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvm01102. The vulnerability is caused by the network system or product not properly restricting resource access from unauthorized roles

Trust: 1.98

sources: NVD: CVE-2019-1686 // JVNDB: JVNDB-2019-003481 // BID: 108026 // VULHUB: VHN-149048

AFFECTED PRODUCTS

vendor:ciscomodel:ios xrscope:gteversion:5.1.1

Trust: 1.0

vendor:ciscomodel:ios xrscope:ltversion:6.5.2

Trust: 1.0

vendor:ciscomodel:ios xrscope:gteversion:6.5.3

Trust: 1.0

vendor:ciscomodel:ios xrscope:ltversion:6.6.1

Trust: 1.0

vendor:ciscomodel:ios xrscope: - version: -

Trust: 0.8

vendor:ciscomodel:asr series aggregation services routers 6.1.3.basescope:eqversion:9000

Trust: 0.3

vendor:ciscomodel:asr series aggregation services routers 6.1.2.basescope:eqversion:9000

Trust: 0.3

sources: BID: 108026 // JVNDB: JVNDB-2019-003481 // NVD: CVE-2019-1686

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1686
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1686
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1686
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-834
value: HIGH

Trust: 0.6

VULHUB: VHN-149048
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1686
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-149048
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1686
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1686
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2019-1686
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-149048 // JVNDB: JVNDB-2019-003481 // CNNVD: CNNVD-201904-834 // NVD: CVE-2019-1686 // NVD: CVE-2019-1686

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.9

problemtype:NVD-CWE-Other

Trust: 1.0

sources: VULHUB: VHN-149048 // JVNDB: JVNDB-2019-003481 // NVD: CVE-2019-1686

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-834

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201904-834

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003481

PATCH

title:cisco-sa-20190417-iosxraclurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-iosxracl

Trust: 0.8

title:Cisco ASR 9000 Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91669

Trust: 0.6

sources: JVNDB: JVNDB-2019-003481 // CNNVD: CNNVD-201904-834

EXTERNAL IDS

db:NVDid:CVE-2019-1686

Trust: 2.8

db:BIDid:108026

Trust: 2.0

db:JVNDBid:JVNDB-2019-003481

Trust: 0.8

db:CNNVDid:CNNVD-201904-834

Trust: 0.7

db:AUSCERTid:ESB-2019.1334

Trust: 0.6

db:VULHUBid:VHN-149048

Trust: 0.1

sources: VULHUB: VHN-149048 // BID: 108026 // JVNDB: JVNDB-2019-003481 // CNNVD: CNNVD-201904-834 // NVD: CVE-2019-1686

REFERENCES

url:http://www.securityfocus.com/bid/108026

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-iosxracl

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1686

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1686

Trust: 0.8

url:https://www.auscert.org.au/bulletins/79310

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-asr-9000-privilege-escalation-via-acl-bypass-29085

Trust: 0.6

sources: VULHUB: VHN-149048 // BID: 108026 // JVNDB: JVNDB-2019-003481 // CNNVD: CNNVD-201904-834 // NVD: CVE-2019-1686

CREDITS

Cisco

Trust: 0.9

sources: BID: 108026 // CNNVD: CNNVD-201904-834

SOURCES

db:VULHUBid:VHN-149048
db:BIDid:108026
db:JVNDBid:JVNDB-2019-003481
db:CNNVDid:CNNVD-201904-834
db:NVDid:CVE-2019-1686

LAST UPDATE DATE

2024-08-14T15:07:42.502000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-149048date:2020-10-16T00:00:00
db:BIDid:108026date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2019-003481date:2019-05-17T00:00:00
db:CNNVDid:CNNVD-201904-834date:2020-10-21T00:00:00
db:NVDid:CVE-2019-1686date:2020-10-16T13:01:58.673

SOURCES RELEASE DATE

db:VULHUBid:VHN-149048date:2019-04-17T00:00:00
db:BIDid:108026date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2019-003481date:2019-05-17T00:00:00
db:CNNVDid:CNNVD-201904-834date:2019-04-17T00:00:00
db:NVDid:CVE-2019-1686date:2019-04-17T22:29:00.360