CVE-2019-16027

Published: Jan 26, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS–IS process. The vulnerability is due to improper handling of a Simple Network Management Protocol (SNMP) request for specific Object Identifiers (OIDs) by the IS–IS process. An attacker could exploit this vulnerability by sending a crafted SNMP request to the affected device. A successful exploit could allow the attacker to cause a DoS condition in the IS–IS process.

Affected (17)

Products: Cisco: Ios Xr

Cisco

1 product

Ios Xr

Configuration A

1 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Cisco Ios Xr	Version 4.3.2

Running on/with	Platform Versions
Cisco Xr 12404	All versions
Cisco Xr 12406	All versions
Cisco Xr 12410	All versions
Cisco Xr 12416	All versions

Configuration B

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Cisco Ios Xr	Version 5.2.5

Running on/with	Platform Versions
Cisco Ncs 6000	All versions
Cisco Ncs 6008	All versions

Configuration C

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Cisco Ios Xr	Version 6.2.25

Running on/with	Platform Versions
Cisco Ncs 5001	All versions
Cisco Ncs 5002	All versions
Cisco Ncs 5011	All versions

Configuration D

2 vulnerable · 5 platform

Vulnerable Software	Affected Versions
Cisco Ios Xr	Version 6.3.15
Cisco Ios Xr	Version 6.6.1

Running on/with	Platform Versions
Cisco Ncs 5500	All versions
Cisco Ncs 5501	All versions
Cisco Ncs 5502	All versions
Cisco Ncs 5508	All versions
Cisco Ncs 5516	All versions

Configuration E

1 platform

Running on/with	Platform Versions
Cisco Crs	All versions

Configuration F

1 platform

Running on/with	Platform Versions
Cisco Xrv 9000	All versions

Configuration G

1 platform

Running on/with	Platform Versions
Cisco Ncs 540	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ios Xr	Version 6.6.25

Running on/with	Platform Versions
Cisco Ncs 560	All versions

Configuration I

11 vulnerable · 13 platform

Vulnerable Software	Affected Versions
Cisco Ios Xr	Version 6.1.2
Cisco Ios Xr	Version 6.1.3
Cisco Ios Xr	Version 6.1.4
Cisco Ios Xr	Version 6.2.2
Cisco Ios Xr	Version 6.2.3
Cisco Ios Xr	Version 6.3.2
Cisco Ios Xr	Version 6.3.3
Cisco Ios Xr	Version 6.4.2
Cisco Ios Xr	Version 6.5.2
Cisco Ios Xr	Version 6.5.3
Cisco Ios Xr	Version 6.6.2

Running on/with	Platform Versions
Cisco Asr 9000	All versions
Cisco Asr 9000v	Version v2
Cisco Asr 9001	All versions
Cisco Asr 9006	All versions
Cisco Asr 9010	All versions
Cisco Asr 9901	All versions
Cisco Asr 9903	All versions
Cisco Asr 9904	All versions
Cisco Asr 9906	All versions
Cisco Asr 9910	All versions
Cisco Asr 9912	All versions
Cisco Asr 9920	All versions
Cisco Asr 9922	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-dos

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-dos

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.