Details of VAR-201908-1013

ID

VAR-201908-1013

CVE

CVE-2019-1910

TITLE

Cisco IOS XR Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007721

DESCRIPTION

A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS–IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of crafted IS–IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending a crafted link-state PDU to an affected system to be processed. A successful exploit could allow the attacker to cause all routers within the IS–IS area to unexpectedly restart the IS–IS process, resulting in a DoS condition. This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco IOS XR Software earlier than Release 6.6.3 and are configured with the IS–IS routing protocol. Cisco has confirmed that this vulnerability affects both Cisco IOS XR 32-bit Software and Cisco IOS XR 64-bit Software. Cisco IOS XR The software contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state

Trust: 1.71

sources: NVD: CVE-2019-1910 // JVNDB: JVNDB-2019-007721 // VULHUB: VHN-151512

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xr	scope:	lt	version:	6.6.3	Trust: 1.8
vendor:	cisco	model:	carrier routing system	scope:	eq	version:	7.0.1	Trust: 1.0
vendor:	cisco	model:	carrier routing system	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-007721 // NVD: CVE-2019-1910

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1910
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1910
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1910
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201908-534
value:	HIGH
Trust: 0.6
VULHUB:	VHN-151512
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1910
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-151512
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-1910
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	4.0
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-1910
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	4.0
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-151512 // JVNDB: JVNDB-2019-007721 // CNNVD: CNNVD-201908-534 // NVD: CVE-2019-1910 // NVD: CVE-2019-1910

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-151512 // JVNDB: JVNDB-2019-007721 // NVD: CVE-2019-1910

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201908-534

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201908-534

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007721

PATCH

title:	cisco-sa-20190807-iosxr-isis-dos-1910	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-iosxr-isis-dos-1910	Trust: 0.8
title:	Cisco IOS XR Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96231	Trust: 0.6

sources: JVNDB: JVNDB-2019-007721 // CNNVD: CNNVD-201908-534

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1910	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-007721	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-534	Trust: 0.7
db:	VULHUB	id:	VHN-151512	Trust: 0.1

sources: VULHUB: VHN-151512 // JVNDB: JVNDB-2019-007721 // CNNVD: CNNVD-201908-534 // NVD: CVE-2019-1910

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-iosxr-isis-dos-1910	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1910	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1910	Trust: 0.8
url:	https://vigilance.fr/vulnerability/cisco-ios-xr-denial-of-service-via-is-is-29982	Trust: 0.6

sources: VULHUB: VHN-151512 // JVNDB: JVNDB-2019-007721 // CNNVD: CNNVD-201908-534 // NVD: CVE-2019-1910

CREDITS

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Trust: 0.6

sources: CNNVD: CNNVD-201908-534

SOURCES

db:	VULHUB	id:	VHN-151512
db:	JVNDB	id:	JVNDB-2019-007721
db:	CNNVD	id:	CNNVD-201908-534
db:	NVD	id:	CVE-2019-1910

LAST UPDATE DATE

2024-08-14T13:44:47.237000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-151512	date:	2023-03-03T00:00:00
db:	JVNDB	id:	JVNDB-2019-007721	date:	2019-08-20T00:00:00
db:	CNNVD	id:	CNNVD-201908-534	date:	2020-02-12T00:00:00
db:	NVD	id:	CVE-2019-1910	date:	2023-11-07T03:08:37.317

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-151512	date:	2019-08-07T00:00:00
db:	JVNDB	id:	JVNDB-2019-007721	date:	2019-08-20T00:00:00
db:	CNNVD	id:	CNNVD-201908-534	date:	2019-08-07T00:00:00
db:	NVD	id:	CVE-2019-1910	date:	2019-08-07T21:15:11.363