ID

VAR-201905-0592


CVE

CVE-2019-1846


TITLE

Cisco IOS XR Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004585

DESCRIPTION

A vulnerability in the Multiprotocol Label Switching (MPLS) Operations, Administration, and Maintenance (OAM) implementation of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to the incorrect handling of certain MPLS OAM packets. An attacker could exploit this vulnerability by sending malicious MPLS OAM packets to an affected device. A successful exploit could allow the attacker to cause the lspv_server process to crash. The crash could lead to system instability and the inability to process or forward traffic through the device, resulting in a DoS condition that requires manual intervention to restore normal operating conditions. Cisco IOS XR Software contains an input validation vulnerability. Service operation may be interrupted (DoS). This issue is being tracked by Cisco Bug ID CSCvk63685. Cisco ASR 9000 Series is a 9000 series enterprise-class router from Cisco. The vulnerability stems from the failure of the network system or product to properly validate the input data.

Trust: 2.52

sources: NVD: CVE-2019-1846 // JVNDB: JVNDB-2019-004585 // CNVD: CNVD-2019-14700 // BID: 108363 // VULHUB: VHN-150808

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-14700

AFFECTED PRODUCTS

vendor: cisco, model: ios xr, scope: -, version: -

Trust: 1.4

vendor: cisco, model: ios xr, scope: eq, version: 5.3.3

Trust: 1.0

vendor: cisco, model: ios xr software service pack, scope: eq, version: 5.3.31

Trust: 0.3

vendor: cisco, model: carrier routing system, scope: eq, version: -

Trust: 0.3

vendor: cisco, model: asr router, scope: eq, version: 99220

Trust: 0.3

vendor: cisco, model: asr router, scope: eq, version: 99120

Trust: 0.3

vendor: cisco, model: asr router, scope: eq, version: 99040

Trust: 0.3

vendor: cisco, model: asr router, scope: eq, version: 90100

Trust: 0.3

vendor: cisco, model: asr router, scope: eq, version: 90060

Trust: 0.3

vendor: cisco, model: asr router, scope: eq, version: 90010

Trust: 0.3

sources: CNVD: CNVD-2019-14700 // BID: 108363 // JVNDB: JVNDB-2019-004585 // NVD: CVE-2019-1846

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1846
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1846
value: HIGH

Trust: 1.0

NVD: CVE-2019-1846
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-14700
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201905-701
value: HIGH

Trust: 0.6

VULHUB: VHN-150808
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1846
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-14700
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-150808
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1846
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 2.8

sources: CNVD: CNVD-2019-14700 // VULHUB: VHN-150808 // JVNDB: JVNDB-2019-004585 // CNNVD: CNNVD-201905-701 // NVD: CVE-2019-1846 // NVD: CVE-2019-1846

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-150808 // JVNDB: JVNDB-2019-004585 // NVD: CVE-2019-1846

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201905-701

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201905-701

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004585

PATCH

title: cisco-sa-20190515-iosxr-mpls-dos, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-asr9k-mpls-dos

Trust: 0.8

title: Patch for Cisco ASR 9000 Series Aggregation Services Routers IOS XR Software Denial of Service Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/161577

Trust: 0.6

title: Cisco ASR 9000 Series Aggregation Services Routers IOS XR Software Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92825

Trust: 0.6

sources: CNVD: CNVD-2019-14700 // JVNDB: JVNDB-2019-004585 // CNNVD: CNNVD-201905-701

EXTERNAL IDS

db: NVD, id: CVE-2019-1846

Trust: 3.4

db: BID, id: 108363

Trust: 2.0

db: JVNDB, id: JVNDB-2019-004585

Trust: 0.8

db: CNNVD, id: CNNVD-201905-701

Trust: 0.7

db: CNVD, id: CNVD-2019-14700

Trust: 0.6

db: AUSCERT, id: ESB-2019.1779

Trust: 0.6

db: AUSCERT, id: ESB-2019.1779.2

Trust: 0.6

db: VULHUB, id: VHN-150808

Trust: 0.1

sources: CNVD: CNVD-2019-14700 // VULHUB: VHN-150808 // BID: 108363 // JVNDB: JVNDB-2019-004585 // CNNVD: CNNVD-201905-701 // NVD: CVE-2019-1846

REFERENCES

url:http://www.securityfocus.com/bid/108363

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-asr9k-mpls-dos

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-1846

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-iosxr-mpls-dos

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1846

Trust: 0.8

url:https://web.nvd.nist.gov//vuln/detail/cve-2019-1846

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-iosxr-evpn-dos

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1779/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-xr-denial-of-service-via-mpls-oam-29343

Trust: 0.6

url:https://www.auscert.org.au/bulletins/81202

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1779.2/

Trust: 0.6

sources: CNVD: CNVD-2019-14700 // VULHUB: VHN-150808 // BID: 108363 // JVNDB: JVNDB-2019-004585 // CNNVD: CNNVD-201905-701 // NVD: CVE-2019-1846

CREDITS

Cisco

Trust: 0.9

sources: BID: 108363 // CNNVD: CNNVD-201905-701

SOURCES

db: CNVD, id: CNVD-2019-14700
db: VULHUB, id: VHN-150808
db: BID, id: 108363
db: JVNDB, id: JVNDB-2019-004585
db: CNNVD, id: CNNVD-201905-701
db: NVD, id: CVE-2019-1846

LAST UPDATE DATE

2024-08-14T13:26:29.569000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-14700, date: 2019-05-17T00:00:00
db: VULHUB, id: VHN-150808, date: 2019-10-09T00:00:00
db: BID, id: 108363, date: 2019-05-15T00:00:00
db: JVNDB, id: JVNDB-2019-004585, date: 2019-06-05T00:00:00
db: CNNVD, id: CNNVD-201905-701, date: 2019-07-12T00:00:00
db: NVD, id: CVE-2019-1846, date: 2019-10-09T23:48:19.473

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-14700, date: 2019-05-17T00:00:00
db: VULHUB, id: VHN-150808, date: 2019-05-16T00:00:00
db: BID, id: 108363, date: 2019-05-15T00:00:00
db: JVNDB, id: JVNDB-2019-004585, date: 2019-06-05T00:00:00
db: CNNVD, id: CNNVD-201905-701, date: 2019-05-15T00:00:00
db: NVD, id: CVE-2019-1846, date: 2019-05-16T02:29:00.437