Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2019-1749

Disclosure Date: March 27, 2019 •

CVE-2019-1749 CVSS v3 Base Score: 7.4

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) could allow an unauthenticated, adjacent attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the software insufficiently validates ingress traffic on the ASIC used on the RSP3 platform. An attacker could exploit this vulnerability by sending a malformed OSPF version 2 (OSPFv2) message to an affected device. A successful exploit could allow the attacker to cause a reload of the iosd process, triggering a reload of the affected device and resulting in a DoS condition.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.4 High

Impact Score:

Exploitability Score:

2.8

Vector:

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Attack Vector (AV):

Adjacent_network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Changed

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

Vulnerable Versions

Cisco IOS XE Software 3.13.6aS

Cisco IOS XE Software 3.16.0aS

Cisco IOS XE Software 3.16.1aS

Cisco IOS XE Software 3.16.2aS

Cisco IOS XE Software 3.16.3aS

Cisco IOS XE Software 3.16.4S

Cisco IOS XE Software 3.16.4bS

Cisco IOS XE Software 3.16.4gS

Cisco IOS XE Software 3.16.5S

Cisco IOS XE Software 3.16.4cS

Cisco IOS XE Software 3.16.4dS

Cisco IOS XE Software 3.16.4eS

Cisco IOS XE Software 3.16.6S

Cisco IOS XE Software 3.16.5aS

Cisco IOS XE Software 3.16.7S

Cisco IOS XE Software 3.16.6bS

Cisco IOS XE Software 3.16.7bS

Cisco IOS XE Software 3.16.8S

Cisco IOS XE Software 3.17.0S

Cisco IOS XE Software 3.17.1S

Cisco IOS XE Software 3.17.2S

Cisco IOS XE Software 3.17.3S

Cisco IOS XE Software 3.17.4S

Cisco IOS XE Software 16.5.1

Cisco IOS XE Software 16.5.2

Cisco IOS XE Software 16.5.3

Cisco IOS XE Software 3.18.0S

Cisco IOS XE Software 3.18.1S

Cisco IOS XE Software 3.18.2S

Cisco IOS XE Software 3.18.3S

Cisco IOS XE Software 3.18.4S

Cisco IOS XE Software 3.18.0SP

Cisco IOS XE Software 3.18.1SP

Cisco IOS XE Software 3.18.1gSP

Cisco IOS XE Software 3.18.1bSP

Cisco IOS XE Software 3.18.2SP

Cisco IOS XE Software 3.18.1hSP

Cisco IOS XE Software 3.18.1iSP

Cisco IOS XE Software 3.18.3SP

Cisco IOS XE Software 3.18.4SP

Cisco IOS XE Software 16.6.1

Cisco IOS XE Software 16.6.2

Cisco IOS XE Software 16.6.3

Cisco IOS XE Software 16.6.4

Cisco IOS XE Software 16.7.1

Cisco IOS XE Software 16.7.2

Cisco IOS XE Software 16.8.1

Cisco IOS XE Software 16.8.1b

Cisco IOS XE Software 16.8.1c

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

cisco

Products

ios xe 16.5.1,
ios xe 16.5.2,
ios xe 16.5.3,
ios xe 16.6.1,
ios xe 16.6.2,
ios xe 16.6.3,
ios xe 16.6.4,
ios xe 16.7.1,
ios xe 16.7.2,
ios xe 16.8.1,
ios xe 16.8.1b,
ios xe 16.8.1c,
ios xe 3.13.6as,
ios xe 3.16.0as,
ios xe 3.16.1as,
ios xe 3.16.2as,
ios xe 3.16.3as,
ios xe 3.16.4bs,
ios xe 3.16.4cs,
ios xe 3.16.4ds,
ios xe 3.16.4es,
ios xe 3.16.4gs,
ios xe 3.16.4s,
ios xe 3.16.5as,
ios xe 3.16.5s,
ios xe 3.16.6bs,
ios xe 3.16.6s,
ios xe 3.16.7bs,
ios xe 3.16.7s,
ios xe 3.16.8s,
ios xe 3.17.0s,
ios xe 3.17.1s,
ios xe 3.17.3s,
ios xe 3.17.4s,
ios xe 3.18.0s,
ios xe 3.18.0sp,
ios xe 3.18.1bsp,
ios xe 3.18.1gsp,
ios xe 3.18.1hsp,
ios xe 3.18.1isp,
ios xe 3.18.1s,
ios xe 3.18.1sp,
ios xe 3.18.2s,
ios xe 3.18.2sp,
ios xe 3.18.3s,
ios xe 3.18.3sp,
ios xe 3.18.4s,
ios xe 3.18.4sp

References

Canonical

CVE-2019-1749 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1749)

BID-107615 (http://www.securityfocus.com/bid/107615)

Advisory

20190327 Cisco Aggregation Services Router 900 Route Switch Processor 3 OSPFv2 Denial of Service Vulnerability (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-rsp3-ospf)

Rapid7

Unknown

CVE-2019-1749

Unknown

Unknown

None

None

Adjacent_network

CVE-2019-1749

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Unknown

CVE-2019-1749

Unknown

Unknown

None

None

Adjacent_network

CVE-2019-1749

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Quick Cookie Notification