ID

VAR-201908-1013


CVE

CVE-2019-1910


TITLE

Cisco IOS XR Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007721

DESCRIPTION

A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS–IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of crafted IS–IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending a crafted link-state PDU to an affected system to be processed. A successful exploit could allow the attacker to cause all routers within the IS–IS area to unexpectedly restart the IS–IS process, resulting in a DoS condition. This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco IOS XR Software earlier than Release 6.6.3 and are configured with the IS–IS routing protocol. Cisco has confirmed that this vulnerability affects both Cisco IOS XR 32-bit Software and Cisco IOS XR 64-bit Software. Cisco IOS XR The software contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state

Trust: 1.71

sources: NVD: CVE-2019-1910 // JVNDB: JVNDB-2019-007721 // VULHUB: VHN-151512

AFFECTED PRODUCTS

vendor:ciscomodel:ios xrscope:ltversion:6.6.3

Trust: 1.8

vendor:ciscomodel:carrier routing systemscope:eqversion:7.0.1

Trust: 1.0

vendor:ciscomodel:carrier routing systemscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-007721 // NVD: CVE-2019-1910

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1910
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1910
value: HIGH

Trust: 1.0

NVD: CVE-2019-1910
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201908-534
value: HIGH

Trust: 0.6

VULHUB: VHN-151512
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1910
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151512
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1910
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1910
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-151512 // JVNDB: JVNDB-2019-007721 // CNNVD: CNNVD-201908-534 // NVD: CVE-2019-1910 // NVD: CVE-2019-1910

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-151512 // JVNDB: JVNDB-2019-007721 // NVD: CVE-2019-1910

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201908-534

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201908-534

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007721

PATCH

title:cisco-sa-20190807-iosxr-isis-dos-1910url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-iosxr-isis-dos-1910

Trust: 0.8

title:Cisco IOS XR Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96231

Trust: 0.6

sources: JVNDB: JVNDB-2019-007721 // CNNVD: CNNVD-201908-534

EXTERNAL IDS

db:NVDid:CVE-2019-1910

Trust: 2.5

db:JVNDBid:JVNDB-2019-007721

Trust: 0.8

db:CNNVDid:CNNVD-201908-534

Trust: 0.7

db:VULHUBid:VHN-151512

Trust: 0.1

sources: VULHUB: VHN-151512 // JVNDB: JVNDB-2019-007721 // CNNVD: CNNVD-201908-534 // NVD: CVE-2019-1910

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-iosxr-isis-dos-1910

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-1910

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1910

Trust: 0.8

url:https://vigilance.fr/vulnerability/cisco-ios-xr-denial-of-service-via-is-is-29982

Trust: 0.6

sources: VULHUB: VHN-151512 // JVNDB: JVNDB-2019-007721 // CNNVD: CNNVD-201908-534 // NVD: CVE-2019-1910

CREDITS

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Trust: 0.6

sources: CNNVD: CNNVD-201908-534

SOURCES

db:VULHUBid:VHN-151512
db:JVNDBid:JVNDB-2019-007721
db:CNNVDid:CNNVD-201908-534
db:NVDid:CVE-2019-1910

LAST UPDATE DATE

2024-08-14T13:44:47.237000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-151512date:2023-03-03T00:00:00
db:JVNDBid:JVNDB-2019-007721date:2019-08-20T00:00:00
db:CNNVDid:CNNVD-201908-534date:2020-02-12T00:00:00
db:NVDid:CVE-2019-1910date:2023-11-07T03:08:37.317

SOURCES RELEASE DATE

db:VULHUBid:VHN-151512date:2019-08-07T00:00:00
db:JVNDBid:JVNDB-2019-007721date:2019-08-20T00:00:00
db:CNNVDid:CNNVD-201908-534date:2019-08-07T00:00:00
db:NVDid:CVE-2019-1910date:2019-08-07T21:15:11.363