ID

VAR-201908-1008


CVE

CVE-2019-1918


TITLE

Cisco IOS XR Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007722

DESCRIPTION

A vulnerability in the implementation of Intermediate System-to-Intermediate System (IS-IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of IS-IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending specific link-state PDUs to an affected system to be processed. A successful exploit could allow the attacker to cause incorrect calculations used in the weighted remote shared risk link groups (SRLG) or in the IGP Flexible Algorithm. It could also cause tracebacks to the logs or potentially cause the receiving device to crash the IS-IS process, resulting in a DoS condition. Cisco IOS XR Software contains an input validation vulnerability, which may result in a denial of service (DoS) condition. Cisco IOS XR is an operating system developed by Cisco for its network equipment. Attackers can exploit this vulnerability to crash the IS-IS process, resulting in a denial of service.

Trust: 1.71

sources: NVD: CVE-2019-1918 // JVNDB: JVNDB-2019-007722 // VULHUB: VHN-151600

AFFECTED PRODUCTS

vendor: cisco // model: ios xr // scope: lt // version: 6.6.3

Trust: 1.0

vendor: cisco // model: carrier routing system // scope: eq // version: 6.5.1

Trust: 1.0

vendor: cisco // model: carrier routing system // scope: eq // version: 6.5.3

Trust: 1.0

vendor: cisco // model: ios xr // scope: gte // version: 6.5.2

Trust: 1.0

vendor: cisco // model: carrier routing system // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ios xr // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-007722 // NVD: CVE-2019-1918

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1918
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1918
value: HIGH

Trust: 1.0

NVD: CVE-2019-1918
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201908-537
value: HIGH

Trust: 0.6

VULHUB: VHN-151600
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1918
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151600
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1918
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1918
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-151600 // JVNDB: JVNDB-2019-007722 // CNNVD: CNNVD-201908-537 // NVD: CVE-2019-1918 // NVD: CVE-2019-1918

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

problemtype: CWE-682

Trust: 1.1

sources: VULHUB: VHN-151600 // JVNDB: JVNDB-2019-007722 // NVD: CVE-2019-1918

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201908-537

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201908-537

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007722

PATCH

title: cisco-sa-20190807-iosxr-isis-dos-1918 // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-iosxr-isis-dos-1918

Trust: 0.8

title: Cisco IOS XR input validation error vulnerability fix // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96234

Trust: 0.6

sources: JVNDB: JVNDB-2019-007722 // CNNVD: CNNVD-201908-537

EXTERNAL IDS

db: NVD // id: CVE-2019-1918

Trust: 2.5

db: JVNDB // id: JVNDB-2019-007722

Trust: 0.8

db: CNNVD // id: CNNVD-201908-537

Trust: 0.7

db: AUSCERT // id: ESB-2019.3011

Trust: 0.6

db: VULHUB // id: VHN-151600

Trust: 0.1

sources: VULHUB: VHN-151600 // JVNDB: JVNDB-2019-007722 // CNNVD: CNNVD-201908-537 // NVD: CVE-2019-1918

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-iosxr-isis-dos-1918

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-1918

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1918

Trust: 0.8

url: https://vigilance.fr/vulnerability/cisco-ios-xr-denial-of-service-via-is-is-29983

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2019.3011/

Trust: 0.6

sources: VULHUB: VHN-151600 // JVNDB: JVNDB-2019-007722 // CNNVD: CNNVD-201908-537 // NVD: CVE-2019-1918

CREDITS

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Trust: 0.6

sources: CNNVD: CNNVD-201908-537

SOURCES

db: VULHUB // id: VHN-151600
db: JVNDB // id: JVNDB-2019-007722
db: CNNVD // id: CNNVD-201908-537
db: NVD // id: CVE-2019-1918

LAST UPDATE DATE

2024-08-14T15:02:13.297000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-151600 // date: 2020-10-16T00:00:00
db: JVNDB // id: JVNDB-2019-007722 // date: 2019-08-20T00:00:00
db: CNNVD // id: CNNVD-201908-537 // date: 2020-10-19T00:00:00
db: NVD // id: CVE-2019-1918 // date: 2020-10-16T14:36:36.990

SOURCES RELEASE DATE

db: VULHUB // id: VHN-151600 // date: 2019-08-07T00:00:00
db: JVNDB // id: JVNDB-2019-007722 // date: 2019-08-20T00:00:00
db: CNNVD // id: CNNVD-201908-537 // date: 2019-08-07T00:00:00
db: NVD // id: CVE-2019-1918 // date: 2019-08-07T22:15:15.447