Sign-up

ID

VAR-201908-1008


CVE

CVE-2019-1918


TITLE

Cisco IOS XR Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007722

DESCRIPTION

A vulnerability in the implementation of Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of IS–IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending specific link-state PDUs to an affected system to be processed. A successful exploit could allow the attacker to cause incorrect calculations used in the weighted remote shared risk link groups (SRLG) or in the IGP Flexible Algorithm. It could also cause tracebacks to the logs or potentially cause the receiving device to crash the IS–IS process, resulting in a DoS condition. Cisco IOS XR The software contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco IOS XR is an operating system developed by Cisco for its network equipment. Attackers can exploit this vulnerabilityvulnerability to crash the IS–IS process, resulting in denial of service

Trust: 1.71

sources: NVD: CVE-2019-1918 // JVNDB: JVNDB-2019-007722 // VULHUB: VHN-151600

AFFECTED PRODUCTS

vendor:ciscomodel:ios xrscope:ltversion:6.6.3

Trust: 1.0

vendor:ciscomodel:carrier routing systemscope:eqversion:6.5.1

Trust: 1.0

vendor:ciscomodel:carrier routing systemscope:eqversion:6.5.3

Trust: 1.0

vendor:ciscomodel:ios xrscope:gteversion:6.5.2

Trust: 1.0

vendor:ciscomodel:carrier routing systemscope: - version: -

Trust: 0.8

vendor:ciscomodel:ios xrscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-007722 // NVD: CVE-2019-1918

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1918
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1918
value: HIGH

Trust: 1.0

NVD: CVE-2019-1918
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201908-537
value: HIGH

Trust: 0.6

VULHUB: VHN-151600
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1918
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151600
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1918
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1918
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-151600 // JVNDB: JVNDB-2019-007722 // CNNVD: CNNVD-201908-537 // NVD: CVE-2019-1918 // NVD: CVE-2019-1918

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-682

Trust: 1.1

sources: VULHUB: VHN-151600 // JVNDB: JVNDB-2019-007722 // NVD: CVE-2019-1918

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201908-537

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201908-537

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-007722

PATCH
title:cisco-sa-20190807-iosxr-isis-dos-1918url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-iosxr-isis-dos-1918
Trust: 0.8
title:Cisco IOS XR Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96234
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-007722 // 
            
            
            
            CNNVD: CNNVD-201908-537

EXTERNAL IDS
db:NVDid:CVE-2019-1918
Trust: 2.5
db:JVNDBid:JVNDB-2019-007722
Trust: 0.8
db:CNNVDid:CNNVD-201908-537
Trust: 0.7
db:AUSCERTid:ESB-2019.3011
Trust: 0.6
db:VULHUBid:VHN-151600
Trust: 0.1
sources:
            
            
            VULHUB: VHN-151600 // 
            
            
            
            JVNDB: JVNDB-2019-007722 // 
            
            
            
            CNNVD: CNNVD-201908-537 // 
            
            
            
            NVD: CVE-2019-1918

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-iosxr-isis-dos-1918
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-1918
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1918
Trust: 0.8
url:https://vigilance.fr/vulnerability/cisco-ios-xr-denial-of-service-via-is-is-29983
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.3011/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-151600 // 
            
            
            
            JVNDB: JVNDB-2019-007722 // 
            
            
            
            CNNVD: CNNVD-201908-537 // 
            
            
            
            NVD: CVE-2019-1918

CREDITS
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201908-537

SOURCES
db:VULHUBid:VHN-151600
db:JVNDBid:JVNDB-2019-007722
db:CNNVDid:CNNVD-201908-537
db:NVDid:CVE-2019-1918

LAST UPDATE DATE
2024-08-14T15:02:13.297000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-151600date:2020-10-16T00:00:00
db:JVNDBid:JVNDB-2019-007722date:2019-08-20T00:00:00
db:CNNVDid:CNNVD-201908-537date:2020-10-19T00:00:00
db:NVDid:CVE-2019-1918date:2020-10-16T14:36:36.990

SOURCES RELEASE DATE
db:VULHUBid:VHN-151600date:2019-08-07T00:00:00
db:JVNDBid:JVNDB-2019-007722date:2019-08-20T00:00:00
db:CNNVDid:CNNVD-201908-537date:2019-08-07T00:00:00
db:NVDid:CVE-2019-1918date:2019-08-07T22:15:15.447