CVE-2019-1749
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) could allow an unauthenticated, adjacent attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the software insufficiently validates ingress traffic on the ASIC used on the RSP3 platform. An attacker could exploit this vulnerability by sending a malformed OSPF version 2 (OSPFv2) message to an affected device. A successful exploit could allow the attacker to cause a reload of the iosd process, triggering a reload of the affected device and resulting in a DoS condition.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco IOS XE Software | 3.13.6aS | affected |
| Cisco | Cisco IOS XE Software | 3.16.0aS | affected |
| Cisco | Cisco IOS XE Software | 3.16.1aS | affected |
| Cisco | Cisco IOS XE Software | 3.16.2aS | affected |
| Cisco | Cisco IOS XE Software | 3.16.3aS | affected |
| Cisco | Cisco IOS XE Software | 3.16.4S | affected |
| Cisco | Cisco IOS XE Software | 3.16.4bS | affected |
| Cisco | Cisco IOS XE Software | 3.16.4gS | affected |
| Cisco | Cisco IOS XE Software | 3.16.5S | affected |
| Cisco | Cisco IOS XE Software | 3.16.4cS | affected |
| Cisco | Cisco IOS XE Software | 3.16.4dS | affected |
| Cisco | Cisco IOS XE Software | 3.16.4eS | affected |
| Cisco | Cisco IOS XE Software | 3.16.6S | affected |
| Cisco | Cisco IOS XE Software | 3.16.5aS | affected |
| Cisco | Cisco IOS XE Software | 3.16.7S | affected |
| Cisco | Cisco IOS XE Software | 3.16.6bS | affected |
| Cisco | Cisco IOS XE Software | 3.16.7bS | affected |
| Cisco | Cisco IOS XE Software | 3.16.8S | affected |
| Cisco | Cisco IOS XE Software | 3.17.0S | affected |
| Cisco | Cisco IOS XE Software | 3.17.1S | affected |
| Cisco | Cisco IOS XE Software | 3.17.2S | affected |
| Cisco | Cisco IOS XE Software | 3.17.3S | affected |
| Cisco | Cisco IOS XE Software | 3.17.4S | affected |
| Cisco | Cisco IOS XE Software | 16.5.1 | affected |
| Cisco | Cisco IOS XE Software | 16.5.2 | affected |
| Cisco | Cisco IOS XE Software | 16.5.3 | affected |
| Cisco | Cisco IOS XE Software | 3.18.0S | affected |
| Cisco | Cisco IOS XE Software | 3.18.1S | affected |
| Cisco | Cisco IOS XE Software | 3.18.2S | affected |
| Cisco | Cisco IOS XE Software | 3.18.3S | affected |
| Cisco | Cisco IOS XE Software | 3.18.4S | affected |
| Cisco | Cisco IOS XE Software | 3.18.0SP | affected |
| Cisco | Cisco IOS XE Software | 3.18.1SP | affected |
| Cisco | Cisco IOS XE Software | 3.18.1gSP | affected |
| Cisco | Cisco IOS XE Software | 3.18.1bSP | affected |
| Cisco | Cisco IOS XE Software | 3.18.2SP | affected |
| Cisco | Cisco IOS XE Software | 3.18.1hSP | affected |
| Cisco | Cisco IOS XE Software | 3.18.1iSP | affected |
| Cisco | Cisco IOS XE Software | 3.18.3SP | affected |
| Cisco | Cisco IOS XE Software | 3.18.4SP | affected |
| Cisco | Cisco IOS XE Software | 16.6.1 | affected |
| Cisco | Cisco IOS XE Software | 16.6.2 | affected |
| Cisco | Cisco IOS XE Software | 16.6.3 | affected |
| Cisco | Cisco IOS XE Software | 16.6.4 | affected |
| Cisco | Cisco IOS XE Software | 16.7.1 | affected |
| Cisco | Cisco IOS XE Software | 16.7.2 | affected |
| Cisco | Cisco IOS XE Software | 16.8.1 | affected |
| Cisco | Cisco IOS XE Software | 16.8.1b | affected |
| Cisco | Cisco IOS XE Software | 16.8.1c | affected |
Weaknesses
- CWE-20: CWE-20
ADP Enrichment
CVE Program Container
Additional References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-rsp3-ospf
- http://www.securityfocus.com/bid/107615
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-rsp3-ospf
- http://www.securityfocus.com/bid/107615
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.