CVE-2019-15989

Published: Jan 26, 2020Modified: Nov 21, 2024

8.6

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 4.0

Source: NVD

Description

A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains a specific BGP attribute. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim’s BGP network on an existing, valid TCP connection to a BGP peer.

Affected (4)

Products: Cisco: Ios Xr

Cisco

1 product

Ios Xr

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Ios Xr	Version 6.6.1

Configuration B

1 vulnerable · 11 platform

Vulnerable Software	Affected Versions
Cisco Ios Xr	Version 6.6.2

Running on/with	Platform Versions
Cisco Asr 9000v	All versions
Cisco Asr 9001	All versions
Cisco Asr 9006	All versions
Cisco Asr 9010	All versions
Cisco Asr 9901	All versions
Cisco Asr 9904	All versions
Cisco Asr 9906	All versions
Cisco Asr 9910	All versions
Cisco Asr 9912	All versions
Cisco Asr 9922	All versions
Cisco Crs	All versions

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Ios Xr	Version 6.6.25

Configuration D

1 vulnerable · 26 platform

Vulnerable Software	Affected Versions
Cisco Ios Xr	Version 7.0.1

Running on/with	Platform Versions
Cisco Asr 9000v	All versions
Cisco Asr 9001	All versions
Cisco Asr 9006	All versions
Cisco Asr 9010	All versions
Cisco Asr 9901	All versions
Cisco Asr 9904	All versions
Cisco Asr 9906	All versions
Cisco Asr 9910	All versions
Cisco Asr 9912	All versions
Cisco Asr 9922	All versions
Cisco Ncs 1001	All versions
Cisco Ncs 1002	All versions
Cisco Ncs 1004	All versions
Cisco Ncs 5001	All versions
Cisco Ncs 5002	All versions
Cisco Ncs 540	All versions
Cisco Ncs 540l	All versions
Cisco Ncs 5501	All versions
Cisco Ncs 5501 Se	All versions
Cisco Ncs 5502	All versions
Cisco Ncs 5502 Se	All versions
Cisco Ncs 5508	All versions
Cisco Ncs 5516	All versions
Cisco Ncs 560	All versions
Cisco Ncs 6000	All versions
Cisco Xrv 9000	All versions

Related CWEs

CWE-754

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-bgp-dos

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-bgp-dos

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.