Details of VAR-201905-0592

ID

VAR-201905-0592

CVE

CVE-2019-1846

TITLE

Cisco IOS XR Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004585

DESCRIPTION

A vulnerability in the Multiprotocol Label Switching (MPLS) Operations, Administration, and Maintenance (OAM) implementation of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to the incorrect handling of certain MPLS OAM packets. An attacker could exploit this vulnerability by sending malicious MPLS OAM packets to an affected device. A successful exploit could allow the attacker to cause the lspv_server process to crash. The crash could lead to system instability and the inability to process or forward traffic though the device, resulting in a DoS condition that require manual intervention to restore normal operating conditions. Cisco IOS XR The software contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. This issue is being tracked by Cisco Bug ID CSCvk63685. Cisco ASR 9000 Series is a 9000 series enterprise-class router of Cisco (Cisco). The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 2.52

sources: NVD: CVE-2019-1846 // JVNDB: JVNDB-2019-004585 // CNVD: CNVD-2019-14700 // BID: 108363 // VULHUB: VHN-150808

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-14700

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xr	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	ios xr	scope:	eq	version:	5.3.3	Trust: 1.0
vendor:	cisco	model:	ios xr software service pack	scope:	eq	version:	5.3.31	Trust: 0.3
vendor:	cisco	model:	carrier routing system	scope:	eq	version:	-	Trust: 0.3
vendor:	cisco	model:	asr router	scope:	eq	version:	99220	Trust: 0.3
vendor:	cisco	model:	asr router	scope:	eq	version:	99120	Trust: 0.3
vendor:	cisco	model:	asr router	scope:	eq	version:	99040	Trust: 0.3
vendor:	cisco	model:	asr router	scope:	eq	version:	90100	Trust: 0.3
vendor:	cisco	model:	asr router	scope:	eq	version:	90060	Trust: 0.3
vendor:	cisco	model:	asr router	scope:	eq	version:	90010	Trust: 0.3

sources: CNVD: CNVD-2019-14700 // BID: 108363 // JVNDB: JVNDB-2019-004585 // NVD: CVE-2019-1846

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1846
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1846
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1846
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-14700
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201905-701
value:	HIGH
Trust: 0.6
VULHUB:	VHN-150808
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1846
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-14700
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-150808
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1846
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	4.0
version:	3.0
Trust: 2.8

sources: CNVD: CNVD-2019-14700 // VULHUB: VHN-150808 // JVNDB: JVNDB-2019-004585 // CNNVD: CNNVD-201905-701 // NVD: CVE-2019-1846 // NVD: CVE-2019-1846

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-150808 // JVNDB: JVNDB-2019-004585 // NVD: CVE-2019-1846

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201905-701

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201905-701

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004585

PATCH

title:	cisco-sa-20190515-iosxr-mpls-dos	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-asr9k-mpls-dos	Trust: 0.8
title:	Patch for Cisco ASR 9000 Series Aggregation Services Routers IOS XR Software Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/161577	Trust: 0.6
title:	Cisco ASR 9000 Series Aggregation Services Routers IOS XR Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92825	Trust: 0.6

sources: CNVD: CNVD-2019-14700 // JVNDB: JVNDB-2019-004585 // CNNVD: CNNVD-201905-701

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1846	Trust: 3.4
db:	BID	id:	108363	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-004585	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-701	Trust: 0.7
db:	CNVD	id:	CNVD-2019-14700	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1779	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1779.2	Trust: 0.6
db:	VULHUB	id:	VHN-150808	Trust: 0.1

sources: CNVD: CNVD-2019-14700 // VULHUB: VHN-150808 // BID: 108363 // JVNDB: JVNDB-2019-004585 // CNNVD: CNNVD-201905-701 // NVD: CVE-2019-1846

REFERENCES

url:	http://www.securityfocus.com/bid/108363	Trust: 2.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-asr9k-mpls-dos	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1846	Trust: 1.4
url:	http://www.cisco.com/	Trust: 0.9
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-iosxr-mpls-dos	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1846	Trust: 0.8
url:	https://web.nvd.nist.gov//vuln/detail/cve-2019-1846	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-iosxr-evpn-dos	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1779/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-ios-xr-denial-of-service-via-mpls-oam-29343	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/81202	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1779.2/	Trust: 0.6

sources: CNVD: CNVD-2019-14700 // VULHUB: VHN-150808 // BID: 108363 // JVNDB: JVNDB-2019-004585 // CNNVD: CNNVD-201905-701 // NVD: CVE-2019-1846

CREDITS

Cisco

Trust: 0.9

sources: BID: 108363 // CNNVD: CNNVD-201905-701

SOURCES

db:	CNVD	id:	CNVD-2019-14700
db:	VULHUB	id:	VHN-150808
db:	BID	id:	108363
db:	JVNDB	id:	JVNDB-2019-004585
db:	CNNVD	id:	CNNVD-201905-701
db:	NVD	id:	CVE-2019-1846

LAST UPDATE DATE

2024-08-14T13:26:29.569000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-14700	date:	2019-05-17T00:00:00
db:	VULHUB	id:	VHN-150808	date:	2019-10-09T00:00:00
db:	BID	id:	108363	date:	2019-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-004585	date:	2019-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201905-701	date:	2019-07-12T00:00:00
db:	NVD	id:	CVE-2019-1846	date:	2019-10-09T23:48:19.473

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-14700	date:	2019-05-17T00:00:00
db:	VULHUB	id:	VHN-150808	date:	2019-05-16T00:00:00
db:	BID	id:	108363	date:	2019-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-004585	date:	2019-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201905-701	date:	2019-05-15T00:00:00
db:	NVD	id:	CVE-2019-1846	date:	2019-05-16T02:29:00.437