{"containers": {"cna": {"affected": [{"product": "Cisco IOS XR Software", "vendor": "Cisco", "versions": [{"lessThan": "n/a", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2020-01-22T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes&rsquo; status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-399", "description": "CWE-399", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-01-26T04:30:47.000Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20200122 Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-routes"}], "source": {"advisory": "cisco-sa-20200122-ios-xr-routes", "defect": [["CSCvr74902"]], "discovery": "INTERNAL"}, "title": "Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-01-22T16:00:00-0800", "ID": "CVE-2019-16018", "STATE": "PUBLIC", "TITLE": "Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco IOS XR Software", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes&rsquo; status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "7.4", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-399"}]}]}, "references": {"reference_data": [{"name": "20200122 Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-routes"}]}, "source": {"advisory": "cisco-sa-20200122-ios-xr-routes", "defect": [["CSCvr74902"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:03:32.796Z"}, "title": "CVE Program Container", "references": [{"name": "20200122 Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-routes"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-15T16:30:06.960997Z", "id": "CVE-2019-16018", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-15T17:46:42.156Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-16018", "datePublished": "2020-01-26T04:30:48.072Z", "dateReserved": "2019-09-06T00:00:00.000Z", "dateUpdated": "2024-11-15T17:46:42.156Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-routes", "name": "20200122 Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:03:32.796Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-16018", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-15T16:30:06.960997Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-15T16:30:51.102Z"}}], "cna": {"title": "Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability", "source": {"defect": [["CSCvr74902"]], "advisory": "cisco-sa-20200122-ios-xr-routes", "discovery": "INTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "CHANGED", "version": "3.0", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Cisco", "product": "Cisco IOS XR Software", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "n/a", "versionType": "custom"}]}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "datePublic": "2020-01-22T00:00:00.000Z", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-routes", "name": "20200122 Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes&rsquo; status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-399", "description": "CWE-399"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2020-01-26T04:30:47.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"version": "3.0", "baseScore": "7.4", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"}}, "source": {"defect": [["CSCvr74902"]], "advisory": "cisco-sa-20200122-ios-xr-routes", "discovery": "INTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"affected": "<", "version_value": "n/a", "version_affected": "<"}]}, "product_name": "Cisco IOS XR Software"}]}, "vendor_name": "Cisco"}]}}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "data_type": "CVE", "references": {"reference_data": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-routes", "name": "20200122 Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability", "refsource": "CISCO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes&rsquo; status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-399"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-16018", "STATE": "PUBLIC", "TITLE": "Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability", "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-01-22T16:00:00-0800"}}}}, "cveMetadata": {"cveId": "CVE-2019-16018", "state": "PUBLISHED", "dateUpdated": "2024-11-15T17:46:42.156Z", "dateReserved": "2019-09-06T00:00:00.000Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2020-01-26T04:30:48.072Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "54EA6C52-E541-4426-A3DF-2FA88CA28BA1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:x64:*", "matchCriteriaId": "1BD9FC30-C073-4C63-8468-47DEF12A3875", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:x64:*", "matchCriteriaId": "E9B8E1A6-A438-441D-ADA2-BE2BF837EAA9", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:x64:*", "matchCriteriaId": "BB7DD32E-B22D-4392-B255-5C3F9CD39F3E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*", "matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:x64:*", "matchCriteriaId": "E7D9C475-6E5D-4AE9-A8D4-5B023C128A46", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*", "matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:x64:*", "matchCriteriaId": "910A1686-5B13-4D37-9C1F-2F0073D57E5F", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*", "matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*", "matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*", "matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*", "matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*", "matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*", "matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*", "matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*", "matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8AE8971-5003-4A39-8173-E17CE9C2523F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:*:*", "matchCriteriaId": "71BD158E-71D8-4DCA-8C09-F8AB7EF0EBDD", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:x64:*", "matchCriteriaId": "1BD9FC30-C073-4C63-8468-47DEF12A3875", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*", "matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:x64:*", "matchCriteriaId": "E9B8E1A6-A438-441D-ADA2-BE2BF837EAA9", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*", "matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:x64:*", "matchCriteriaId": "BB7DD32E-B22D-4392-B255-5C3F9CD39F3E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*", "matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*", "matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*", "matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:x64:*", "matchCriteriaId": "E7D9C475-6E5D-4AE9-A8D4-5B023C128A46", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*", "matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*", "matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*", "matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:x64:*", "matchCriteriaId": "910A1686-5B13-4D37-9C1F-2F0073D57E5F", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*", "matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*", "matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*", "matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*", "matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*", "matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:crs:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B051AF4-592A-4201-9DD3-8683C1847A00", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*", "matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*", "matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*", "matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*", "matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:xrv_9000:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B529456-23DB-4917-A316-4CFC6AEC9964", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:*", "matchCriteriaId": "3DC7F758-5AB7-4A45-A889-BE9DD8D0474E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540l:-:*:*:*:*:*:*:*", "matchCriteriaId": "7987161E-E0C6-4BBB-91FC-F49A7F4AE6B6", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*", "matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*", "matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*", "matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*", "matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*", "matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*", "matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "82AF763B-9299-4EDC-B42D-B83736839CA1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:x64:*", "matchCriteriaId": "1BD9FC30-C073-4C63-8468-47DEF12A3875", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:x64:*", "matchCriteriaId": "E9B8E1A6-A438-441D-ADA2-BE2BF837EAA9", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:x64:*", "matchCriteriaId": "BB7DD32E-B22D-4392-B255-5C3F9CD39F3E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*", "matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:x64:*", "matchCriteriaId": "E7D9C475-6E5D-4AE9-A8D4-5B023C128A46", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*", "matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:x64:*", "matchCriteriaId": "910A1686-5B13-4D37-9C1F-2F0073D57E5F", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*", "matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*", "matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*", "matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*", "matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*", "matchCriteriaId": "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*", "matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*", "matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540l:-:*:*:*:*:*:*:*", "matchCriteriaId": "7987161E-E0C6-4BBB-91FC-F49A7F4AE6B6", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*", "matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*", "matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*", "matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*", "matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*", "matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*", "matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:xrv_9000:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B529456-23DB-4917-A316-4CFC6AEC9964", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes&rsquo; status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer."}, {"lang": "es", "value": "Una vulnerabilidad en la implementaci\u00f3n de la funcionalidad Border Gateway Protocol (BGP) Ethernet VPN (EVPN) en Cisco IOS XR Software, podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad es debido al procesamiento incorrecto de un mensaje de actualizaci\u00f3n de BGP que contiene atributos EVPN dise\u00f1ados. Un atacante podr\u00eda explotar indirectamente la vulnerabilidad mediante el env\u00edo de mensajes de actualizaci\u00f3n de BGP EVPN con un atributo espec\u00edfico malformado hacia un sistema afectado y esperar a que un usuario en el dispositivo despliegue el estado operativo routes\u2019 de EVPN. Si tiene \u00e9xito, el atacante podr\u00eda causar que el proceso BGP se reinicie inesperadamente, resultando en una condici\u00f3n DoS. La implementaci\u00f3n de Cisco de BGP acepta el tr\u00e1fico de BGP entrante solo desde peers definidos expl\u00edcitamente. Para explotar esta vulnerabilidad, el mensaje de actualizaci\u00f3n de BGP malicioso necesitar\u00eda venir desde un peer de BGP v\u00e1lido y configurado, o necesitar\u00eda ser inyectado por parte del atacante en la red de BGP de la v\u00edctima en una conexi\u00f3n TCP v\u00e1lida y existente a un peer de BGP."}], "id": "CVE-2019-16018", "lastModified": "2024-11-21T04:29:56.110", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "ykramarz@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-26T05:15:14.413", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-routes"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-routes"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}