CVE-2019-1760

Summary

A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to the processing of malformed smart probe packets. An attacker could exploit this vulnerability by sending specially crafted smart probe packets at the affected device. A successful exploit could allow the attacker to reload the device, resulting in a denial of service (DoS) attack on an affected system.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco IOS XE Software3.16.4Saffected
CiscoCisco IOS XE Software3.16.4aSaffected
CiscoCisco IOS XE Software3.16.4bSaffected
CiscoCisco IOS XE Software3.16.4gSaffected
CiscoCisco IOS XE Software3.16.5Saffected
CiscoCisco IOS XE Software3.16.4cSaffected
CiscoCisco IOS XE Software3.16.4dSaffected
CiscoCisco IOS XE Software3.16.4eSaffected
CiscoCisco IOS XE Software3.16.6Saffected
CiscoCisco IOS XE Software3.16.5aSaffected
CiscoCisco IOS XE Software3.16.5bSaffected
CiscoCisco IOS XE Software3.16.7Saffected
CiscoCisco IOS XE Software3.16.6bSaffected
CiscoCisco IOS XE Software3.16.7aSaffected
CiscoCisco IOS XE Software3.16.7bSaffected
CiscoCisco IOS XE Software3.2.0JAaffected
CiscoCisco IOS XE Software16.3.2affected
CiscoCisco IOS XE Software16.3.3affected
CiscoCisco IOS XE Software16.3.4affected
CiscoCisco IOS XE Software16.3.5affected
CiscoCisco IOS XE Software16.3.5baffected
CiscoCisco IOS XE Software16.3.6affected
CiscoCisco IOS XE Software16.4.1affected
CiscoCisco IOS XE Software16.4.2affected
CiscoCisco IOS XE Software16.4.3affected
CiscoCisco IOS XE Software16.5.1affected
CiscoCisco IOS XE Software16.5.1aaffected
CiscoCisco IOS XE Software16.5.1baffected
CiscoCisco IOS XE Software16.5.2affected
CiscoCisco IOS XE Software16.5.3affected
CiscoCisco IOS XE Software16.6.1affected
CiscoCisco IOS XE Software16.6.2affected
CiscoCisco IOS XE Software16.6.3affected
CiscoCisco IOS XE Software16.7.1affected
CiscoCisco IOS XE Software16.7.1aaffected
CiscoCisco IOS XE Software16.7.1baffected
CiscoCisco IOS XE Software16.8.1affected
CiscoCisco IOS XE Software16.8.1aaffected
CiscoCisco IOS XE Software16.8.1baffected
CiscoCisco IOS XE Software16.8.1saffected
CiscoCisco IOS XE Software16.8.1caffected

Weaknesses

  • CWE-20: CWE-20

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References