CVE-2019-1749

Summary

A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) could allow an unauthenticated, adjacent attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the software insufficiently validates ingress traffic on the ASIC used on the RSP3 platform. An attacker could exploit this vulnerability by sending a malformed OSPF version 2 (OSPFv2) message to an affected device. A successful exploit could allow the attacker to cause a reload of the iosd process, triggering a reload of the affected device and resulting in a DoS condition.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco IOS XE Software3.13.6aSaffected
CiscoCisco IOS XE Software3.16.0aSaffected
CiscoCisco IOS XE Software3.16.1aSaffected
CiscoCisco IOS XE Software3.16.2aSaffected
CiscoCisco IOS XE Software3.16.3aSaffected
CiscoCisco IOS XE Software3.16.4Saffected
CiscoCisco IOS XE Software3.16.4bSaffected
CiscoCisco IOS XE Software3.16.4gSaffected
CiscoCisco IOS XE Software3.16.5Saffected
CiscoCisco IOS XE Software3.16.4cSaffected
CiscoCisco IOS XE Software3.16.4dSaffected
CiscoCisco IOS XE Software3.16.4eSaffected
CiscoCisco IOS XE Software3.16.6Saffected
CiscoCisco IOS XE Software3.16.5aSaffected
CiscoCisco IOS XE Software3.16.7Saffected
CiscoCisco IOS XE Software3.16.6bSaffected
CiscoCisco IOS XE Software3.16.7bSaffected
CiscoCisco IOS XE Software3.16.8Saffected
CiscoCisco IOS XE Software3.17.0Saffected
CiscoCisco IOS XE Software3.17.1Saffected
CiscoCisco IOS XE Software3.17.2Saffected
CiscoCisco IOS XE Software3.17.3Saffected
CiscoCisco IOS XE Software3.17.4Saffected
CiscoCisco IOS XE Software16.5.1affected
CiscoCisco IOS XE Software16.5.2affected
CiscoCisco IOS XE Software16.5.3affected
CiscoCisco IOS XE Software3.18.0Saffected
CiscoCisco IOS XE Software3.18.1Saffected
CiscoCisco IOS XE Software3.18.2Saffected
CiscoCisco IOS XE Software3.18.3Saffected
CiscoCisco IOS XE Software3.18.4Saffected
CiscoCisco IOS XE Software3.18.0SPaffected
CiscoCisco IOS XE Software3.18.1SPaffected
CiscoCisco IOS XE Software3.18.1gSPaffected
CiscoCisco IOS XE Software3.18.1bSPaffected
CiscoCisco IOS XE Software3.18.2SPaffected
CiscoCisco IOS XE Software3.18.1hSPaffected
CiscoCisco IOS XE Software3.18.1iSPaffected
CiscoCisco IOS XE Software3.18.3SPaffected
CiscoCisco IOS XE Software3.18.4SPaffected
CiscoCisco IOS XE Software16.6.1affected
CiscoCisco IOS XE Software16.6.2affected
CiscoCisco IOS XE Software16.6.3affected
CiscoCisco IOS XE Software16.6.4affected
CiscoCisco IOS XE Software16.7.1affected
CiscoCisco IOS XE Software16.7.2affected
CiscoCisco IOS XE Software16.8.1affected
CiscoCisco IOS XE Software16.8.1baffected
CiscoCisco IOS XE Software16.8.1caffected

Weaknesses

  • CWE-20: CWE-20

ADP Enrichment

CVE Program Container

Additional References

References