Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-1849

Опубликовано: 16 мая 2019
Источник: nvd
CVSS3: 7.4
CVSS3: 6.5
CVSS2: 6.1
EPSS Низкий

Описание

A vulnerability in the Border Gateway Patrol (BGP) Multiprotocol Label Switching (MPLS)-based Ethernet VPN (EVPN) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to a logic error that occurs when the affected software processes specific EVPN routing information. An attacker could exploit this vulnerability by injecting malicious traffic patterns into the targeted EVPN network. A successful exploit could result in a crash of the l2vpn_mgr process on Provider Edge (PE) device members of the same EVPN instance (EVI). On each of the affected devices, a crash could lead to system instability and the inability to process or forward traffic through the device, resulting in a DoS condition that would require manual intervention to restore normal operating conditions.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Версия от 6.1.0 (включая) до 6.3.3 (исключая)
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Версия от 6.4.0 (включая) до 6.4.2 (исключая)
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Версия от 6.5.0 (включая) до 6.5.2 (исключая)
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Версия от 6.6.0 (включая) до 6.6.1 (исключая)

EPSS

Процентиль: 32%
0.00128
Низкий

7.4 High

CVSS3

6.5 Medium

CVSS3

6.1 Medium

CVSS2

Дефекты

CWE-754
CWE-754

Связанные уязвимости

github логотип

GHSA-3r3r-w8v7-6jqq

CVSS3: 6.5
github
больше 3 лет назад

A vulnerability in the Border Gateway Patrol (BGP) Multiprotocol Label Switching (MPLS)-based Ethernet VPN (EVPN) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to a logic error that occurs when the affected software processes specific EVPN routing information. An attacker could exploit this vulnerability by injecting malicious traffic patterns into the targeted EVPN network. A successful exploit could result in a crash of the l2vpn_mgr process on Provider Edge (PE) device members of the same EVPN instance (EVI). On each of the affected devices, a crash could lead to system instability and the inability to process or forward traffic through the device, resulting in a DoS condition that would require manual intervention to restore normal operating conditions.

fstec логотип

BDU:2019-01969

CVSS3: 7.4
fstec
больше 6 лет назад

Уязвимость операционной системы Cisco IOS XR, связанная с ошибками исключительных состояний, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 32%
0.00128
Низкий

7.4 High

CVSS3

6.5 Medium

CVSS3

6.1 Medium

CVSS2

Дефекты

CWE-754
CWE-754