All the vulnerabilites related to cisco - ncs_1001
cve-2021-34720
Vulnerability from cvelistv5
Published
2021-09-09 05:01
Modified
2024-11-07 22:00
Severity ?
EPSS score ?
Summary
A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a denial of service (DoS) condition. This vulnerability exists because socket creation failures are mishandled during the IP SLA and TWAMP processes. An attacker could exploit this vulnerability by sending specific IP SLA or TWAMP packets to an affected device. A successful exploit could allow the attacker to exhaust the packet memory, which will impact other processes, such as routing protocols, or crash the IP SLA process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-ZA3SRrpP | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS XR Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:48.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210908 Cisco IOS XR Software IP Service Level Agreements and Two-Way Active Measurement Protocol Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-ZA3SRrpP"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34720",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:54:22.268217Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T22:00:49.116Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a denial of service (DoS) condition. This vulnerability exists because socket creation failures are mishandled during the IP SLA and TWAMP processes. An attacker could exploit this vulnerability by sending specific IP SLA or TWAMP packets to an affected device. A successful exploit could allow the attacker to exhaust the packet memory, which will impact other processes, such as routing protocols, or crash the IP SLA process."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-771",
"description": "CWE-771",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-09T05:01:03",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210908 Cisco IOS XR Software IP Service Level Agreements and Two-Way Active Measurement Protocol Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-ZA3SRrpP"
}
],
"source": {
"advisory": "cisco-sa-ipsla-ZA3SRrpP",
"defect": [
[
"CSCvw32825",
"CSCvw61840"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software IP Service Level Agreements and Two-Way Active Measurement Protocol Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-09-08T16:00:00",
"ID": "CVE-2021-34720",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XR Software IP Service Level Agreements and Two-Way Active Measurement Protocol Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a denial of service (DoS) condition. This vulnerability exists because socket creation failures are mishandled during the IP SLA and TWAMP processes. An attacker could exploit this vulnerability by sending specific IP SLA or TWAMP packets to an affected device. A successful exploit could allow the attacker to exhaust the packet memory, which will impact other processes, such as routing protocols, or crash the IP SLA process."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.6",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-771"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210908 Cisco IOS XR Software IP Service Level Agreements and Two-Way Active Measurement Protocol Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-ZA3SRrpP"
}
]
},
"source": {
"advisory": "cisco-sa-ipsla-ZA3SRrpP",
"defect": [
[
"CSCvw32825",
"CSCvw61840"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-34720",
"datePublished": "2021-09-09T05:01:03.855610Z",
"dateReserved": "2021-06-15T00:00:00",
"dateUpdated": "2024-11-07T22:00:49.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3530
Vulnerability from cvelistv5
Published
2020-09-04 02:25
Modified
2024-11-13 18:08
Severity ?
EPSS score ?
Summary
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The vulnerability is due to incorrect mapping in the source code of task group assignments for a specific command. An attacker could exploit this vulnerability by issuing the command, which they should not be authorized to issue, on an affected device. A successful exploit could allow the attacker to invalidate the integrity of the disk and cause the device to restart. This vulnerability could allow a user with read permissions to issue a specific command that should require Administrator privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cli-privescl-sDVEmhqv | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS XR Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:37:54.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200902 Cisco IOS XR Authenticated User Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cli-privescl-sDVEmhqv"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3530",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T17:24:12.678128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T18:08:33.006Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The vulnerability is due to incorrect mapping in the source code of task group assignments for a specific command. An attacker could exploit this vulnerability by issuing the command, which they should not be authorized to issue, on an affected device. A successful exploit could allow the attacker to invalidate the integrity of the disk and cause the device to restart. This vulnerability could allow a user with read permissions to issue a specific command that should require Administrator privileges."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-04T02:25:40",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200902 Cisco IOS XR Authenticated User Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cli-privescl-sDVEmhqv"
}
],
"source": {
"advisory": "cisco-sa-iosxr-cli-privescl-sDVEmhqv",
"defect": [
[
"CSCvu79978",
"CSCvu99038",
"CSCvv05925"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Authenticated User Privilege Escalation Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-09-02T16:00:00",
"ID": "CVE-2020-3530",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XR Authenticated User Privilege Escalation Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The vulnerability is due to incorrect mapping in the source code of task group assignments for a specific command. An attacker could exploit this vulnerability by issuing the command, which they should not be authorized to issue, on an affected device. A successful exploit could allow the attacker to invalidate the integrity of the disk and cause the device to restart. This vulnerability could allow a user with read permissions to issue a specific command that should require Administrator privileges."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.4",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200902 Cisco IOS XR Authenticated User Privilege Escalation Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cli-privescl-sDVEmhqv"
}
]
},
"source": {
"advisory": "cisco-sa-iosxr-cli-privescl-sDVEmhqv",
"defect": [
[
"CSCvu79978",
"CSCvu99038",
"CSCvv05925"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3530",
"datePublished": "2020-09-04T02:25:40.623334Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-13T18:08:33.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-34721
Vulnerability from cvelistv5
Published
2021-09-09 05:01
Modified
2024-11-07 22:00
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS XR Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:48.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210908 Cisco IOS XR Software Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34721",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:43:12.552835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T22:00:42.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-09T05:01:13",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210908 Cisco IOS XR Software Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc"
}
],
"source": {
"advisory": "cisco-sa-iosxr-cmd-inj-wbZKvPxc",
"defect": [
[
"CSCvx48001",
"CSCvx48002"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software Command Injection Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-09-08T16:00:00",
"ID": "CVE-2021-34721",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XR Software Command Injection Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.7",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210908 Cisco IOS XR Software Command Injection Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc"
}
]
},
"source": {
"advisory": "cisco-sa-iosxr-cmd-inj-wbZKvPxc",
"defect": [
[
"CSCvx48001",
"CSCvx48002"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-34721",
"datePublished": "2021-09-09T05:01:13.579483Z",
"dateReserved": "2021-06-15T00:00:00",
"dateUpdated": "2024-11-07T22:00:42.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-34718
Vulnerability from cvelistv5
Published
2021-09-09 05:00
Modified
2024-11-07 22:01
Severity ?
EPSS score ?
Summary
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2 | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS XR Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:48.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210908 Cisco IOS XR Software Arbitrary File Read and Write Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34718",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:43:15.314953Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T22:01:03.620Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-09T05:00:43",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210908 Cisco IOS XR Software Arbitrary File Read and Write Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2"
}
],
"source": {
"advisory": "cisco-sa-iosxr-scp-inject-QwZOCv2",
"defect": [
[
"CSCvx48017"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software Arbitrary File Read and Write Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-09-08T16:00:00",
"ID": "CVE-2021-34718",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XR Software Arbitrary File Read and Write Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-88"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210908 Cisco IOS XR Software Arbitrary File Read and Write Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2"
}
]
},
"source": {
"advisory": "cisco-sa-iosxr-scp-inject-QwZOCv2",
"defect": [
[
"CSCvx48017"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-34718",
"datePublished": "2021-09-09T05:00:43.820831Z",
"dateReserved": "2021-06-15T00:00:00",
"dateUpdated": "2024-11-07T22:01:03.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16023
Vulnerability from cvelistv5
Published
2020-09-23 00:26
Modified
2024-11-13 18:04
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS XR Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:03:32.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200122 Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-16023",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T17:12:59.183412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T18:04:48.535Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim\u0027s BGP network on an existing, valid TCP connection to a BGP peer."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-399",
"description": "CWE-399",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-23T00:26:22",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200122 Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn"
}
],
"source": {
"advisory": "cisco-sa-20200122-ios-xr-evpn",
"defect": [
[
"CSCvr74413",
"CSCvr74986",
"CSCvr80793",
"CSCvr83742",
"CSCvr84254"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-01-22T16:00:00",
"ID": "CVE-2019-16023",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim\u0027s BGP network on an existing, valid TCP connection to a BGP peer."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.6",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200122 Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn"
}
]
},
"source": {
"advisory": "cisco-sa-20200122-ios-xr-evpn",
"defect": [
[
"CSCvr74413",
"CSCvr74986",
"CSCvr80793",
"CSCvr83742",
"CSCvr84254"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-16023",
"datePublished": "2020-09-23T00:26:22.854791Z",
"dateReserved": "2019-09-06T00:00:00",
"dateUpdated": "2024-11-13T18:04:48.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-1268
Vulnerability from cvelistv5
Published
2021-02-04 16:35
Modified
2024-11-08 23:54
Severity ?
EPSS score ?
Summary
A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software incorrectly forwards IPv6 packets that have an IPv6 node-local multicast group address destination and are received on the management interfaces. An attacker could exploit this vulnerability by connecting to the same network as the management interfaces and injecting IPv6 packets that have an IPv6 node-local multicast group address destination. A successful exploit could allow the attacker to cause an IPv6 flood on the corresponding network. Depending on the number of Cisco IOS XR Software nodes on that network segment, exploitation could cause excessive network traffic, resulting in network degradation or a denial of service (DoS) condition.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xripv6-spJem78K | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS XR Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:02:56.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210203 Cisco IOS XR Software IPv6 Flood Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xripv6-spJem78K"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1268",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:49:57.430099Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T23:54:23.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software incorrectly forwards IPv6 packets that have an IPv6 node-local multicast group address destination and are received on the management interfaces. An attacker could exploit this vulnerability by connecting to the same network as the management interfaces and injecting IPv6 packets that have an IPv6 node-local multicast group address destination. A successful exploit could allow the attacker to cause an IPv6 flood on the corresponding network. Depending on the number of Cisco IOS XR Software nodes on that network segment, exploitation could cause excessive network traffic, resulting in network degradation or a denial of service (DoS) condition."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1076",
"description": "CWE-1076",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T16:35:25",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210203 Cisco IOS XR Software IPv6 Flood Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xripv6-spJem78K"
}
],
"source": {
"advisory": "cisco-sa-xripv6-spJem78K",
"defect": [
[
"CSCvv45504"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software IPv6 Flood Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-02-03T16:00:00",
"ID": "CVE-2021-1268",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XR Software IPv6 Flood Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software incorrectly forwards IPv6 packets that have an IPv6 node-local multicast group address destination and are received on the management interfaces. An attacker could exploit this vulnerability by connecting to the same network as the management interfaces and injecting IPv6 packets that have an IPv6 node-local multicast group address destination. A successful exploit could allow the attacker to cause an IPv6 flood on the corresponding network. Depending on the number of Cisco IOS XR Software nodes on that network segment, exploitation could cause excessive network traffic, resulting in network degradation or a denial of service (DoS) condition."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.4",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1076"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210203 Cisco IOS XR Software IPv6 Flood Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xripv6-spJem78K"
}
]
},
"source": {
"advisory": "cisco-sa-xripv6-spJem78K",
"defect": [
[
"CSCvv45504"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1268",
"datePublished": "2021-02-04T16:35:25.387755Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-08T23:54:23.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-15989
Vulnerability from cvelistv5
Published
2020-01-26 04:30
Modified
2024-11-15 17:46
Severity ?
EPSS score ?
Summary
A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains a specific BGP attribute. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim’s BGP network on an existing, valid TCP connection to a BGP peer.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-bgp-dos | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS XR Software |
Version: unspecified < n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:03:32.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200122 Cisco IOS XR Software Border Gateway Protocol Attribute Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-bgp-dos"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-15989",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:22:41.672887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:46:50.977Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"lessThan": "n/a",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains a specific BGP attribute. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim\u0026rsquo;s BGP network on an existing, valid TCP connection to a BGP peer."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-26T04:30:38",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200122 Cisco IOS XR Software Border Gateway Protocol Attribute Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-bgp-dos"
}
],
"source": {
"advisory": "cisco-sa-20200122-ios-xr-bgp-dos",
"defect": [
[
"CSCvr69950"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software Border Gateway Protocol Attribute Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-01-22T16:00:00-0800",
"ID": "CVE-2019-15989",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XR Software Border Gateway Protocol Attribute Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains a specific BGP attribute. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim\u0026rsquo;s BGP network on an existing, valid TCP connection to a BGP peer."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.6",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200122 Cisco IOS XR Software Border Gateway Protocol Attribute Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-bgp-dos"
}
]
},
"source": {
"advisory": "cisco-sa-20200122-ios-xr-bgp-dos",
"defect": [
[
"CSCvr69950"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-15989",
"datePublished": "2020-01-26T04:30:38.252280Z",
"dateReserved": "2019-09-06T00:00:00",
"dateUpdated": "2024-11-15T17:46:50.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20064
Vulnerability from cvelistv5
Published
2023-03-09 00:00
Modified
2024-10-25 16:03
Severity ?
EPSS score ?
Summary
A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit this vulnerability by being connected to the console port of the Cisco IOS XR device when the device is power-cycled. A successful exploit could allow the attacker to view sensitive files that could be used to conduct additional attacks against the device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS XR Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230308 Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-load-infodisc-9rdOr5Fq"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20064",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T14:36:23.610206Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T16:03:12.091Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit this vulnerability by being connected to the console port of the Cisco IOS XR device when the device is power-cycled. A successful exploit could allow the attacker to view sensitive files that could be used to conduct additional attacks against the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-09T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230308 Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-load-infodisc-9rdOr5Fq"
}
],
"source": {
"advisory": "cisco-sa-iosxr-load-infodisc-9rdOr5Fq",
"defect": [
[
"CSCvz42457",
"CSCwc97332",
"CSCwd61802",
"CSCwd61820",
"CSCwd79460"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20064",
"datePublished": "2023-03-09T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-25T16:03:12.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16019
Vulnerability from cvelistv5
Published
2020-09-23 00:26
Modified
2024-11-13 18:04
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS XR Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:03:32.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200122 Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-16019",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T17:12:56.795158Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T18:04:28.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim\u0027s BGP network on an existing, valid TCP connection to a BGP peer."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-399",
"description": "CWE-399",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-23T00:26:31",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200122 Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn"
}
],
"source": {
"advisory": "cisco-sa-20200122-ios-xr-evpn",
"defect": [
[
"CSCvr74413",
"CSCvr74986",
"CSCvr80793",
"CSCvr83742",
"CSCvr84254"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-01-22T16:00:00",
"ID": "CVE-2019-16019",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim\u0027s BGP network on an existing, valid TCP connection to a BGP peer."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.6",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200122 Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn"
}
]
},
"source": {
"advisory": "cisco-sa-20200122-ios-xr-evpn",
"defect": [
[
"CSCvr74413",
"CSCvr74986",
"CSCvr80793",
"CSCvr83742",
"CSCvr84254"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-16019",
"datePublished": "2020-09-23T00:26:31.511247Z",
"dateReserved": "2019-09-06T00:00:00",
"dateUpdated": "2024-11-13T18:04:28.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-34722
Vulnerability from cvelistv5
Published
2021-09-09 05:01
Modified
2024-11-07 22:00
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS XR Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:48.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210908 Cisco IOS XR Software Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34722",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:43:10.838609Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T22:00:36.407Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-09T05:01:19",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210908 Cisco IOS XR Software Command Injection Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc"
}
],
"source": {
"advisory": "cisco-sa-iosxr-cmd-inj-wbZKvPxc",
"defect": [
[
"CSCvx48001",
"CSCvx48002"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software Command Injection Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-09-08T16:00:00",
"ID": "CVE-2021-34722",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XR Software Command Injection Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.7",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210908 Cisco IOS XR Software Command Injection Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc"
}
]
},
"source": {
"advisory": "cisco-sa-iosxr-cmd-inj-wbZKvPxc",
"defect": [
[
"CSCvx48001",
"CSCvx48002"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-34722",
"datePublished": "2021-09-09T05:01:20.026571Z",
"dateReserved": "2021-06-15T00:00:00",
"dateUpdated": "2024-11-07T22:00:36.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16020
Vulnerability from cvelistv5
Published
2020-01-26 04:30
Modified
2024-11-15 17:46
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS XR Software |
Version: unspecified < n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:03:32.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200122 Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-16020",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:22:39.249238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:46:32.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"lessThan": "n/a",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim\u0027s BGP network on an existing, valid TCP connection to a BGP peer."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-399",
"description": "CWE-399",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-26T04:30:57",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200122 Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn"
}
],
"source": {
"advisory": "cisco-sa-20200122-ios-xr-evpn",
"defect": [
[
"CSCvr74413",
"CSCvr74986",
"CSCvr80793",
"CSCvr83742",
"CSCvr84254"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-01-22T16:00:00-0800",
"ID": "CVE-2019-16020",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim\u0027s BGP network on an existing, valid TCP connection to a BGP peer."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.6",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200122 Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn"
}
]
},
"source": {
"advisory": "cisco-sa-20200122-ios-xr-evpn",
"defect": [
[
"CSCvr74413",
"CSCvr74986",
"CSCvr80793",
"CSCvr83742",
"CSCvr84254"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-16020",
"datePublished": "2020-01-26T04:30:57.751382Z",
"dateReserved": "2019-09-06T00:00:00",
"dateUpdated": "2024-11-15T17:46:32.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16022
Vulnerability from cvelistv5
Published
2020-01-26 04:31
Modified
2024-11-15 17:46
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS XR Software |
Version: unspecified < n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:03:32.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200122 Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-16022",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:22:37.501287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:46:21.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"lessThan": "n/a",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim\u0027s BGP network on an existing, valid TCP connection to a BGP peer."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-399",
"description": "CWE-399",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-26T04:31:02",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200122 Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn"
}
],
"source": {
"advisory": "cisco-sa-20200122-ios-xr-evpn",
"defect": [
[
"CSCvr74413",
"CSCvr74986",
"CSCvr80793",
"CSCvr83742",
"CSCvr84254"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-01-22T16:00:00-0800",
"ID": "CVE-2019-16022",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim\u0027s BGP network on an existing, valid TCP connection to a BGP peer."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.6",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200122 Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn"
}
]
},
"source": {
"advisory": "cisco-sa-20200122-ios-xr-evpn",
"defect": [
[
"CSCvr74413",
"CSCvr74986",
"CSCvr80793",
"CSCvr83742",
"CSCvr84254"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-16022",
"datePublished": "2020-01-26T04:31:03.023685Z",
"dateReserved": "2019-09-06T00:00:00",
"dateUpdated": "2024-11-15T17:46:21.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16021
Vulnerability from cvelistv5
Published
2020-09-23 00:26
Modified
2024-11-13 18:04
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS XR Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:03:32.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200122 Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-16021",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T17:12:57.874309Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T18:04:37.933Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim\u0027s BGP network on an existing, valid TCP connection to a BGP peer."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-399",
"description": "CWE-399",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-23T00:26:26",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200122 Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn"
}
],
"source": {
"advisory": "cisco-sa-20200122-ios-xr-evpn",
"defect": [
[
"CSCvr74413",
"CSCvr74986",
"CSCvr80793",
"CSCvr83742",
"CSCvr84254"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-01-22T16:00:00",
"ID": "CVE-2019-16021",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim\u0027s BGP network on an existing, valid TCP connection to a BGP peer."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.6",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200122 Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn"
}
]
},
"source": {
"advisory": "cisco-sa-20200122-ios-xr-evpn",
"defect": [
[
"CSCvr74413",
"CSCvr74986",
"CSCvr80793",
"CSCvr83742",
"CSCvr84254"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-16021",
"datePublished": "2020-09-23T00:26:27.077617Z",
"dateReserved": "2019-09-06T00:00:00",
"dateUpdated": "2024-11-13T18:04:37.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20236
Vulnerability from cvelistv5
Published
2023-09-13 16:39
Modified
2024-10-23 19:10
Severity ?
EPSS score ?
Summary
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device.
This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS XR Software |
Version: 5.2.0 Version: 5.2.1 Version: 5.2.2 Version: 5.2.4 Version: 5.2.3 Version: 5.2.5 Version: 5.2.47 Version: 5.3.0 Version: 5.3.1 Version: 5.3.2 Version: 5.3.3 Version: 5.3.4 Version: 6.0.0 Version: 6.0.1 Version: 6.0.2 Version: 6.1.1 Version: 6.1.2 Version: 6.1.3 Version: 6.1.4 Version: 6.1.12 Version: 6.1.22 Version: 6.1.32 Version: 6.1.36 Version: 6.1.42 Version: 6.2.1 Version: 6.2.2 Version: 6.2.3 Version: 6.2.25 Version: 6.2.11 Version: 6.3.2 Version: 6.3.3 Version: 6.3.15 Version: 6.4.1 Version: 6.4.2 Version: 6.4.3 Version: 6.5.1 Version: 6.5.2 Version: 6.5.3 Version: 6.5.25 Version: 6.5.26 Version: 6.5.28 Version: 6.5.29 Version: 6.5.32 Version: 6.5.33 Version: 6.6.2 Version: 6.6.3 Version: 6.6.25 Version: 6.6.4 Version: 7.0.1 Version: 7.0.2 Version: 7.0.12 Version: 7.0.14 Version: 7.1.1 Version: 7.1.15 Version: 7.1.2 Version: 7.1.3 Version: 6.7.1 Version: 6.7.2 Version: 6.7.3 Version: 6.7.4 Version: 7.2.0 Version: 7.2.1 Version: 7.2.2 Version: 7.3.1 Version: 7.3.15 Version: 7.3.2 Version: 7.3.3 Version: 7.3.5 Version: 7.4.1 Version: 7.4.2 Version: 6.8.1 Version: 6.8.2 Version: 7.5.1 Version: 7.5.3 Version: 7.5.2 Version: 7.5.4 Version: 7.6.1 Version: 7.6.2 Version: 7.7.1 Version: 7.7.2 Version: 7.7.21 Version: 6.9.1 Version: 6.9.2 Version: 7.8.1 Version: 7.8.2 Version: 7.9.1 Version: 7.9.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:ios_xr_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios_xr_software",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "7.9.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20236",
"options": [
{
"Exploitation": "None"
},
{
"Automatable": "No"
},
{
"Technical Impact": "Total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-15T16:36:16.200980Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T19:10:48.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "5.2.0"
},
{
"status": "affected",
"version": "5.2.1"
},
{
"status": "affected",
"version": "5.2.2"
},
{
"status": "affected",
"version": "5.2.4"
},
{
"status": "affected",
"version": "5.2.3"
},
{
"status": "affected",
"version": "5.2.5"
},
{
"status": "affected",
"version": "5.2.47"
},
{
"status": "affected",
"version": "5.3.0"
},
{
"status": "affected",
"version": "5.3.1"
},
{
"status": "affected",
"version": "5.3.2"
},
{
"status": "affected",
"version": "5.3.3"
},
{
"status": "affected",
"version": "5.3.4"
},
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.1.2"
},
{
"status": "affected",
"version": "6.1.3"
},
{
"status": "affected",
"version": "6.1.4"
},
{
"status": "affected",
"version": "6.1.12"
},
{
"status": "affected",
"version": "6.1.22"
},
{
"status": "affected",
"version": "6.1.32"
},
{
"status": "affected",
"version": "6.1.36"
},
{
"status": "affected",
"version": "6.1.42"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.2.25"
},
{
"status": "affected",
"version": "6.2.11"
},
{
"status": "affected",
"version": "6.3.2"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "6.3.15"
},
{
"status": "affected",
"version": "6.4.1"
},
{
"status": "affected",
"version": "6.4.2"
},
{
"status": "affected",
"version": "6.4.3"
},
{
"status": "affected",
"version": "6.5.1"
},
{
"status": "affected",
"version": "6.5.2"
},
{
"status": "affected",
"version": "6.5.3"
},
{
"status": "affected",
"version": "6.5.25"
},
{
"status": "affected",
"version": "6.5.26"
},
{
"status": "affected",
"version": "6.5.28"
},
{
"status": "affected",
"version": "6.5.29"
},
{
"status": "affected",
"version": "6.5.32"
},
{
"status": "affected",
"version": "6.5.33"
},
{
"status": "affected",
"version": "6.6.2"
},
{
"status": "affected",
"version": "6.6.3"
},
{
"status": "affected",
"version": "6.6.25"
},
{
"status": "affected",
"version": "6.6.4"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.0.12"
},
{
"status": "affected",
"version": "7.0.14"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.1.15"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "7.1.3"
},
{
"status": "affected",
"version": "6.7.1"
},
{
"status": "affected",
"version": "6.7.2"
},
{
"status": "affected",
"version": "6.7.3"
},
{
"status": "affected",
"version": "6.7.4"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.3.15"
},
{
"status": "affected",
"version": "7.3.2"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.4.2"
},
{
"status": "affected",
"version": "6.8.1"
},
{
"status": "affected",
"version": "6.8.2"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.5.4"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.6.2"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.7.2"
},
{
"status": "affected",
"version": "7.7.21"
},
{
"status": "affected",
"version": "6.9.1"
},
{
"status": "affected",
"version": "6.9.2"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "7.8.2"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.9.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device.\r\n\r This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T19:50:10.951Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB"
}
],
"source": {
"advisory": "cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB",
"defects": [
"CSCvz63925",
"CSCvz63918",
"CSCwe12502",
"CSCvz63929",
"CSCwi31568",
"CSCwh78724",
"CSCwi26526",
"CSCwh70601",
"CSCwh78727",
"CSCwj83430",
"CSCwj88475"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20236",
"datePublished": "2023-09-13T16:39:19.418Z",
"dateReserved": "2022-10-27T18:47:50.370Z",
"dateUpdated": "2024-10-23T19:10:48.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-34728
Vulnerability from cvelistv5
Published
2021-09-09 05:01
Modified
2024-11-07 22:00
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS XR Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:48.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210908 Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34728",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:43:09.558894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T22:00:30.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-09T05:01:25",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210908 Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf"
}
],
"source": {
"advisory": "cisco-sa-iosxr-privescal-dZYMrKf",
"defect": [
[
"CSCvx48004",
"CSCvx48007"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-09-08T16:00:00",
"ID": "CVE-2021-34728",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.8",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210908 Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf"
}
]
},
"source": {
"advisory": "cisco-sa-iosxr-privescal-dZYMrKf",
"defect": [
[
"CSCvx48004",
"CSCvx48007"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-34728",
"datePublished": "2021-09-09T05:01:25.148942Z",
"dateReserved": "2021-06-15T00:00:00",
"dateUpdated": "2024-11-07T22:00:30.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-20821
Vulnerability from cvelistv5
Published
2022-05-26 14:00
Modified
2024-10-29 16:11
Severity ?
EPSS score ?
Summary
A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS XR Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:24:49.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20220520 Cisco IOS XR Software Health Check Open Port Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20821",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-29T16:11:07.480784Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-05-23",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-20821"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T16:11:35.841Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system."
}
],
"exploits": [
{
"lang": "en",
"value": "In May 2022, the Cisco PSIRT became aware of attempted exploitation of this vulnerability in the wild. Cisco strongly recommends that customers apply suitable workaround or upgrade to a fixed software release to remediate this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-26T14:00:31",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20220520 Cisco IOS XR Software Health Check Open Port Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK"
}
],
"source": {
"advisory": "cisco-sa-iosxr-redis-ABJyE5xK",
"defect": [
[
"CSCwb82689"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software Health Check Open Port Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2022-05-20T23:00:00",
"ID": "CVE-2022-20821",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XR Software Health Check Open Port Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system."
}
]
},
"exploit": [
{
"lang": "en",
"value": "In May 2022, the Cisco PSIRT became aware of attempted exploitation of this vulnerability in the wild. Cisco strongly recommends that customers apply suitable workaround or upgrade to a fixed software release to remediate this vulnerability."
}
],
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20220520 Cisco IOS XR Software Health Check Open Port Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK"
}
]
},
"source": {
"advisory": "cisco-sa-iosxr-redis-ABJyE5xK",
"defect": [
[
"CSCwb82689"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20821",
"datePublished": "2022-05-26T14:00:31.613559Z",
"dateReserved": "2021-11-02T00:00:00",
"dateUpdated": "2024-10-29T16:11:35.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16018
Vulnerability from cvelistv5
Published
2020-01-26 04:30
Modified
2024-11-15 17:46
Severity ?
EPSS score ?
Summary
A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes’ status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-routes | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS XR Software |
Version: unspecified < n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:03:32.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200122 Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-routes"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-16018",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:30:06.960997Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:46:42.156Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"lessThan": "n/a",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes\u0026rsquo; status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim\u0027s BGP network on an existing, valid TCP connection to a BGP peer."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-399",
"description": "CWE-399",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-26T04:30:47",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200122 Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-routes"
}
],
"source": {
"advisory": "cisco-sa-20200122-ios-xr-routes",
"defect": [
[
"CSCvr74902"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-01-22T16:00:00-0800",
"ID": "CVE-2019-16018",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes\u0026rsquo; status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim\u0027s BGP network on an existing, valid TCP connection to a BGP peer."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.4",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200122 Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-routes"
}
]
},
"source": {
"advisory": "cisco-sa-20200122-ios-xr-routes",
"defect": [
[
"CSCvr74902"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-16018",
"datePublished": "2020-01-26T04:30:48.072294Z",
"dateReserved": "2019-09-06T00:00:00",
"dateUpdated": "2024-11-15T17:46:42.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-34719
Vulnerability from cvelistv5
Published
2021-09-09 05:00
Modified
2024-11-07 22:00
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS XR Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:48.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210908 Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34719",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:43:13.784833Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T22:00:55.836Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-09T05:00:53",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210908 Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf"
}
],
"source": {
"advisory": "cisco-sa-iosxr-privescal-dZYMrKf",
"defect": [
[
"CSCvx48004",
"CSCvx48007"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-09-08T16:00:00",
"ID": "CVE-2021-34719",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.8",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210908 Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf"
}
]
},
"source": {
"advisory": "cisco-sa-iosxr-privescal-dZYMrKf",
"defect": [
[
"CSCvx48004",
"CSCvx48007"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-34719",
"datePublished": "2021-09-09T05:00:53.764430Z",
"dateReserved": "2021-06-15T00:00:00",
"dateUpdated": "2024-11-07T22:00:55.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-09-09 05:15
Modified
2024-11-21 06:11
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | ios_xr | * | |
| cisco | ios_xr | * | |
| cisco | asr_9000v-v2 | - | |
| cisco | asr_9001 | - | |
| cisco | asr_9006 | - | |
| cisco | asr_9010 | - | |
| cisco | asr_9901 | - | |
| cisco | asr_9902 | - | |
| cisco | asr_9903 | - | |
| cisco | asr_9904 | - | |
| cisco | asr_9906 | - | |
| cisco | asr_9910 | - | |
| cisco | asr_9912 | - | |
| cisco | asr_9922 | - | |
| cisco | ios_xr | * | |
| cisco | ios_xr | * | |
| cisco | ios_xrv | - | |
| cisco | ios_xrv_9000 | - | |
| cisco | ios_xr | * | |
| cisco | ios_xr | * | |
| cisco | ncs_520 | - | |
| cisco | ncs_540 | - | |
| cisco | ncs_540_fronthaul | - | |
| cisco | ncs_560-4 | - | |
| cisco | ncs_560-7 | - | |
| cisco | ios_xr | * | |
| cisco | ios_xr | * | |
| cisco | ncs_5001 | - | |
| cisco | ncs_5002 | - | |
| cisco | ncs_5011 | - | |
| cisco | ios_xr | * | |
| cisco | ios_xr | * | |
| cisco | ncs_5501 | - | |
| cisco | ncs_5501-se | - | |
| cisco | ncs_5502 | - | |
| cisco | ncs_5502-se | - | |
| cisco | ncs_5508 | - | |
| cisco | ncs_5516 | - | |
| cisco | ios_xr | * | |
| cisco | ios_xr | * | |
| cisco | ncs_6000 | - | |
| cisco | ncs_6008 | - | |
| cisco | ios_xr | * | |
| cisco | ios_xr | * | |
| cisco | ncs_1001 | - | |
| cisco | ncs_1002 | - | |
| cisco | ncs_1004 | - | |
| cisco | ios_xr | * | |
| cisco | ios_xr | * | |
| cisco | 8101-32fh | - | |
| cisco | 8101-32h | - | |
| cisco | 8102-64h | - | |
| cisco | 8201 | - | |
| cisco | 8201-32fh | - | |
| cisco | 8202 | - | |
| cisco | 8804 | - | |
| cisco | 8808 | - | |
| cisco | 8812 | - | |
| cisco | 8818 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94870F6C-0223-463B-A29F-2C9AE7DE7CAD",
"versionEndExcluding": "7.3.2",
"versionStartIncluding": "7.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000v-v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB91BE23-C710-473F-8E43-0E0DE760F8AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9902:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91474DBC-FB31-4DDF-96C5-311FA1D53A74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA241214-2F05-4360-9B50-385355E29CF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94870F6C-0223-463B-A29F-2C9AE7DE7CAD",
"versionEndExcluding": "7.3.2",
"versionStartIncluding": "7.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ios_xrv:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F39CC9A-297B-428A-82B4-BA0B83AA85CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ios_xrv_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE98C3E-67E2-43A3-AEA9-1575F2B93A78",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94870F6C-0223-463B-A29F-2C9AE7DE7CAD",
"versionEndExcluding": "7.3.2",
"versionStartIncluding": "7.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5249FE7A-FAAE-42C4-9250-DF4B2009F420",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540_fronthaul:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C17E4B-1B14-42F2-BCE6-2D5020625382",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB01E968-E838-4D3C-B603-BF7E4E0F8A2C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08864A59-0840-4407-8D30-9CE34BAF05E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94870F6C-0223-463B-A29F-2C9AE7DE7CAD",
"versionEndExcluding": "7.3.2",
"versionStartIncluding": "7.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98622F14-CC47-45E0-85E4-A7243309487C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94870F6C-0223-463B-A29F-2C9AE7DE7CAD",
"versionEndExcluding": "7.3.2",
"versionStartIncluding": "7.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94870F6C-0223-463B-A29F-2C9AE7DE7CAD",
"versionEndExcluding": "7.3.2",
"versionStartIncluding": "7.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61AF653C-DCD4-4B20-A555-71120F9A5BB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94870F6C-0223-463B-A29F-2C9AE7DE7CAD",
"versionEndExcluding": "7.3.2",
"versionStartIncluding": "7.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94870F6C-0223-463B-A29F-2C9AE7DE7CAD",
"versionEndExcluding": "7.3.2",
"versionStartIncluding": "7.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E055F58F-F9FB-4B27-841E-61ECAB5F42B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B832863-E366-46ED-BC35-838762F0CE29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C3DDAC-7D0F-4D1D-9632-F001F2EB5D34",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "528BE0D3-E5ED-4836-B0D8-0C8508C5BDD7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6655851F-58D9-49D9-A56E-8440A7F7BB45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED06361-5A68-4656-AEA5-240C290594CD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory."
},
{
"lang": "es",
"value": "Varias vulnerabilidades en la CLI de Cisco IOS XR Software podr\u00edan permitir a un atacante local autenticado conseguir acceso al shell root subyacente de un dispositivo afectado y ejecutar comandos arbitrario con privilegios de root. Para conseguir m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Details de este aviso"
}
],
"id": "CVE-2021-34722",
"lastModified": "2024-11-21T06:11:02.993",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-09T05:15:11.770",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-26 05:15
Modified
2024-11-21 04:29
Severity ?
Summary
A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains a specific BGP attribute. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim’s BGP network on an existing, valid TCP connection to a BGP peer.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54EA6C52-E541-4426-A3DF-2FA88CA28BA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BD9FC30-C073-4C63-8468-47DEF12A3875",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E9B8E1A6-A438-441D-ADA2-BE2BF837EAA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "BB7DD32E-B22D-4392-B255-5C3F9CD39F3E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7D9C475-6E5D-4AE9-A8D4-5B023C128A46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "910A1686-5B13-4D37-9C1F-2F0073D57E5F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AE8971-5003-4A39-8173-E17CE9C2523F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71BD158E-71D8-4DCA-8C09-F8AB7EF0EBDD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BD9FC30-C073-4C63-8468-47DEF12A3875",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E9B8E1A6-A438-441D-ADA2-BE2BF837EAA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "BB7DD32E-B22D-4392-B255-5C3F9CD39F3E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7D9C475-6E5D-4AE9-A8D4-5B023C128A46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "910A1686-5B13-4D37-9C1F-2F0073D57E5F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:crs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B051AF4-592A-4201-9DD3-8683C1847A00",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:xrv_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B529456-23DB-4917-A316-4CFC6AEC9964",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC7F758-5AB7-4A45-A889-BE9DD8D0474E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7987161E-E0C6-4BBB-91FC-F49A7F4AE6B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82AF763B-9299-4EDC-B42D-B83736839CA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BD9FC30-C073-4C63-8468-47DEF12A3875",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E9B8E1A6-A438-441D-ADA2-BE2BF837EAA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "BB7DD32E-B22D-4392-B255-5C3F9CD39F3E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7D9C475-6E5D-4AE9-A8D4-5B023C128A46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "910A1686-5B13-4D37-9C1F-2F0073D57E5F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7987161E-E0C6-4BBB-91FC-F49A7F4AE6B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:xrv_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B529456-23DB-4917-A316-4CFC6AEC9964",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains a specific BGP attribute. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim\u0026rsquo;s BGP network on an existing, valid TCP connection to a BGP peer."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la implementaci\u00f3n de la funcionalidad Border Gateway Protocol (BGP) en Cisco IOS XR Software, podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad es debido al procesamiento incorrecto de un mensaje de actualizaci\u00f3n BGP que contiene un atributo BGP espec\u00edfico. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de mensajes de actualizaci\u00f3n de BGP que incluyan un atributo espec\u00edfico con malformaci\u00f3n para que un sistema afectado lo procese. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar que el proceso BGP se reinicie inesperadamente, resultando en una condici\u00f3n DoS. La implementaci\u00f3n de Cisco de BGP acepta el tr\u00e1fico de BGP entrante solo desde peers definidos expl\u00edcitamente. Para explotar esta vulnerabilidad, el mensaje de actualizaci\u00f3n de BGP malicioso necesitar\u00eda venir de un peer BGP v\u00e1lido y configurado o el atacante deber\u00eda inyectarlo en la red BGP victim\u2019s en una conexi\u00f3n TCP v\u00e1lida existente a un peer BGP."
}
],
"id": "CVE-2019-15989",
"lastModified": "2024-11-21T04:29:52.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-26T05:15:13.567",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-bgp-dos"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-bgp-dos"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-23 01:15
Modified
2024-11-21 04:29
Severity ?
Summary
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | ios_xr | 6.6.1 | |
| cisco | asr_9000 | - | |
| cisco | asr_9010 | - | |
| cisco | asr_9904 | - | |
| cisco | asr_9910 | - | |
| cisco | asr_9912 | - | |
| cisco | asr_9922 | - | |
| cisco | ncs_540 | - | |
| cisco | ncs_5500 | - | |
| cisco | ncs_6000 | - | |
| cisco | ios_xr | 6.6.2 | |
| cisco | asr_9000 | - | |
| cisco | asr_9000 | - | |
| cisco | asr_9010 | - | |
| cisco | asr_9010 | - | |
| cisco | asr_9904 | - | |
| cisco | asr_9904 | - | |
| cisco | asr_9910 | - | |
| cisco | asr_9910 | - | |
| cisco | asr_9912 | - | |
| cisco | asr_9912 | - | |
| cisco | asr_9922 | - | |
| cisco | asr_9922 | - | |
| cisco | carrier_routing_system | - | |
| cisco | ios_xrv_9000 | - | |
| cisco | ncs_5001 | - | |
| cisco | ncs_5002 | - | |
| cisco | ncs_5011 | - | |
| cisco | ncs_540 | - | |
| cisco | ncs_5500 | - | |
| cisco | ncs_6000 | - | |
| cisco | ios_xr | 6.6.25 | |
| cisco | ncs_540 | - | |
| cisco | ncs_540l | - | |
| cisco | ncs_5500 | - | |
| cisco | ncs_560 | - | |
| cisco | ios_xr | 7.0.1 | |
| cisco | asr_9000 | - | |
| cisco | asr_9010 | - | |
| cisco | asr_9904 | - | |
| cisco | asr_9910 | - | |
| cisco | asr_9912 | - | |
| cisco | asr_9922 | - | |
| cisco | ios_xrv_9000 | - | |
| cisco | ncs_1001 | - | |
| cisco | ncs_1002 | - | |
| cisco | ncs_1004 | - | |
| cisco | ncs_5001 | - | |
| cisco | ncs_5002 | - | |
| cisco | ncs_5011 | - | |
| cisco | ncs_540 | - | |
| cisco | ncs_540l | - | |
| cisco | ncs_5500 | - | |
| cisco | ncs_560 | - | |
| cisco | ncs_6000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54EA6C52-E541-4426-A3DF-2FA88CA28BA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1E82A9DB-C7ED-4BD9-8BAA-71928A23485C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D686F339-9406-4ADF-B124-C815D43E4CAA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AE8971-5003-4A39-8173-E17CE9C2523F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000:-:*:*:*:*:*:-:*",
"matchCriteriaId": "A15B6B59-E90B-43A8-B4E7-3718FE6990AE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9000:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1E82A9DB-C7ED-4BD9-8BAA-71928A23485C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:-:*",
"matchCriteriaId": "A50A1CA4-F928-4787-ADB4-0274301B7EF6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:-:*",
"matchCriteriaId": "9FF5102C-3163-48F1-8D44-352D6715288D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:-:*",
"matchCriteriaId": "7FA1F27F-3265-482D-AD31-BCB300419526",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:-:*",
"matchCriteriaId": "6D1A5E2E-1CF6-4E3D-A474-9AA26758E574",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:-:*",
"matchCriteriaId": "3AE8FA9B-C71B-42AE-94B2-580F505BC17F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:carrier_routing_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58042C12-8C73-4FD2-B9D5-BD895C442C50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ios_xrv_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE98C3E-67E2-43A3-AEA9-1575F2B93A78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98622F14-CC47-45E0-85E4-A7243309487C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D686F339-9406-4ADF-B124-C815D43E4CAA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC7F758-5AB7-4A45-A889-BE9DD8D0474E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7987161E-E0C6-4BBB-91FC-F49A7F4AE6B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D686F339-9406-4ADF-B124-C815D43E4CAA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82AF763B-9299-4EDC-B42D-B83736839CA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1E82A9DB-C7ED-4BD9-8BAA-71928A23485C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ios_xrv_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE98C3E-67E2-43A3-AEA9-1575F2B93A78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98622F14-CC47-45E0-85E4-A7243309487C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7987161E-E0C6-4BBB-91FC-F49A7F4AE6B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D686F339-9406-4ADF-B124-C815D43E4CAA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim\u0027s BGP network on an existing, valid TCP connection to a BGP peer."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en la implementaci\u00f3n de la funcionalidad de Border Gateway Protocol (BGP) Ethernet VPN (EVPN) en Cisco IOS XR Software, podr\u00edan permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS).\u0026#xa0;Las vulnerabilidades son debido al procesamiento incorrecto de los mensajes de actualizaci\u00f3n de BGP que contienen atributos EVPN dise\u00f1ados.\u0026#xa0;Un atacante podr\u00eda explotar estas vulnerabilidades mediante el env\u00edo de mensajes de actualizaci\u00f3n de BGP EVPN con atributos malformados para que sean procesados por un sistema afectado.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante causar que el proceso BGP se reinicie inesperadamente, resultando en una condici\u00f3n DoS.\u0026#xa0;La implementaci\u00f3n de Cisco de BGP acepta tr\u00e1fico BGP entrante solo de peers definidos expl\u00edcitamente.\u0026#xa0;Para explotar estas vulnerabilidades, el mensaje de actualizaci\u00f3n de BGP malicioso necesitar\u00eda provenir de un peer BGP v\u00e1lido configurado, o necesitar\u00eda ser inyectado por el atacante en la red BGP de la v\u00edctima en una conexi\u00f3n TCP v\u00e1lida existente a un peer BGP"
}
],
"id": "CVE-2019-16021",
"lastModified": "2024-11-21T04:29:56.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-23T01:15:13.940",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-09 22:15
Modified
2024-11-21 07:40
Severity ?
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit this vulnerability by being connected to the console port of the Cisco IOS XR device when the device is power-cycled. A successful exploit could allow the attacker to view sensitive files that could be used to conduct additional attacks against the device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | ios_xr | * | |
| cisco | asr_9000v-v2 | - | |
| cisco | asr_9001 | - | |
| cisco | asr_9006 | - | |
| cisco | asr_9010 | - | |
| cisco | asr_9901 | - | |
| cisco | asr_9902 | - | |
| cisco | asr_9903 | - | |
| cisco | asr_9904 | - | |
| cisco | asr_9906 | - | |
| cisco | asr_9910 | - | |
| cisco | asr_9912 | - | |
| cisco | asr_9922 | - | |
| cisco | ios_xrv_9000 | - | |
| cisco | ncs_1001 | - | |
| cisco | ncs_1002 | - | |
| cisco | ncs_1004 | - | |
| cisco | ios_xr | * | |
| cisco | nc57-18dd-se | - | |
| cisco | nc57-24dd | - | |
| cisco | nc57-36h-se | - | |
| cisco | nc57-36h6d-s | - | |
| cisco | ncs_540 | - | |
| cisco | ncs_540_fronthaul | - | |
| cisco | ncs_5501 | - | |
| cisco | ncs_5501-se | - | |
| cisco | ncs_5502 | - | |
| cisco | ncs_5502-se | - | |
| cisco | ncs_5508 | - | |
| cisco | ncs_5516 | - | |
| cisco | ncs_560-4 | - | |
| cisco | ncs_560-7 | - | |
| cisco | ncs_57b1-5dse-sys | - | |
| cisco | ncs_57b1-6d24-sys | - | |
| cisco | ncs_57c1-48q6-sys | - | |
| cisco | ncs_57c3-mod-sys | - | |
| cisco | ncs_57c3-mods-sys | - | |
| cisco | ios_xr | * | |
| cisco | ncs_5001 | - | |
| cisco | ncs_5002 | - | |
| cisco | ncs_5011 | - | |
| cisco | ios_xr | * | |
| cisco | ncs_6000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E6CEEB-0908-4884-A51E-000000DE5E92",
"versionEndExcluding": "7.9.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000v-v2:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "FAE7AE4D-73A6-4179-80DA-2219563928E1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E9B8E1A6-A438-441D-ADA2-BE2BF837EAA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "BB7DD32E-B22D-4392-B255-5C3F9CD39F3E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7D9C475-6E5D-4AE9-A8D4-5B023C128A46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9902:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0FF7BDEE-8351-4CE3-BEAD-42C8767E0BF8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "A5266F35-6886-4CF1-81DB-25626A0A26A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "910A1686-5B13-4D37-9C1F-2F0073D57E5F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ios_xrv_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE98C3E-67E2-43A3-AEA9-1575F2B93A78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B25F4932-6940-4934-B110-577417B93948",
"versionEndExcluding": "7.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nc57-18dd-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98728BD8-C11B-413D-8C8A-052661A608AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nc57-24dd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71B61EB0-E121-4899-9504-269CE4E7E3EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nc57-36h-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6811F99A-F96F-4B26-AF68-DC1A8C3B65E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nc57-36h6d-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "560B88A5-3716-43AB-A094-063293EF6509",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540_fronthaul:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C17E4B-1B14-42F2-BCE6-2D5020625382",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB01E968-E838-4D3C-B603-BF7E4E0F8A2C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08864A59-0840-4407-8D30-9CE34BAF05E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "355F78C3-C07F-48C3-9B6E-55714EAA7331",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57c3-mods-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F06B5D-6CE8-42C3-8760-89B4EF1FFC21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3FBC1F6-F523-485A-A466-B6DBA15E6537",
"versionEndExcluding": "7.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98622F14-CC47-45E0-85E4-A7243309487C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C15E168-11DA-4219-B689-78BC48935263",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit this vulnerability by being connected to the console port of the Cisco IOS XR device when the device is power-cycled. A successful exploit could allow the attacker to view sensitive files that could be used to conduct additional attacks against the device."
}
],
"id": "CVE-2023-20064",
"lastModified": "2024-11-21T07:40:28.087",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-09T22:15:52.277",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-load-infodisc-9rdOr5Fq"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-load-infodisc-9rdOr5Fq"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-09 05:15
Modified
2024-11-21 06:11
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | ios_xr | * | |
| cisco | ios_xr | * | |
| cisco | asr_9000v-v2 | - | |
| cisco | asr_9001 | - | |
| cisco | asr_9006 | - | |
| cisco | asr_9010 | - | |
| cisco | asr_9901 | - | |
| cisco | asr_9902 | - | |
| cisco | asr_9903 | - | |
| cisco | asr_9904 | - | |
| cisco | asr_9906 | - | |
| cisco | asr_9910 | - | |
| cisco | asr_9912 | - | |
| cisco | asr_9922 | - | |
| cisco | ios_xr | * | |
| cisco | ios_xr | * | |
| cisco | ios_xrv | - | |
| cisco | ios_xrv_9000 | - | |
| cisco | ios_xr | * | |
| cisco | ios_xr | * | |
| cisco | ncs_520 | - | |
| cisco | ncs_540 | - | |
| cisco | ncs_540_fronthaul | - | |
| cisco | ncs_560-4 | - | |
| cisco | ncs_560-7 | - | |
| cisco | ios_xr | * | |
| cisco | ios_xr | * | |
| cisco | ncs_5001 | - | |
| cisco | ncs_5002 | - | |
| cisco | ncs_5011 | - | |
| cisco | ios_xr | * | |
| cisco | ios_xr | * | |
| cisco | ncs_4009 | - | |
| cisco | ncs_4016 | - | |
| cisco | ios_xr | * | |
| cisco | ios_xr | * | |
| cisco | ncs_5501 | - | |
| cisco | ncs_5501-se | - | |
| cisco | ncs_5502 | - | |
| cisco | ncs_5502-se | - | |
| cisco | ncs_5508 | - | |
| cisco | ncs_5516 | - | |
| cisco | ios_xr | * | |
| cisco | ios_xr | * | |
| cisco | ncs_6000 | - | |
| cisco | ncs_6008 | - | |
| cisco | ios_xr | * | |
| cisco | ios_xr | * | |
| cisco | ncs_1001 | - | |
| cisco | ncs_1002 | - | |
| cisco | ncs_1004 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000v-v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB91BE23-C710-473F-8E43-0E0DE760F8AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9902:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91474DBC-FB31-4DDF-96C5-311FA1D53A74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA241214-2F05-4360-9B50-385355E29CF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ios_xrv:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F39CC9A-297B-428A-82B4-BA0B83AA85CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ios_xrv_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE98C3E-67E2-43A3-AEA9-1575F2B93A78",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5249FE7A-FAAE-42C4-9250-DF4B2009F420",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540_fronthaul:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C17E4B-1B14-42F2-BCE6-2D5020625382",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB01E968-E838-4D3C-B603-BF7E4E0F8A2C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08864A59-0840-4407-8D30-9CE34BAF05E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98622F14-CC47-45E0-85E4-A7243309487C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_4009:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F40E779D-5865-4E4B-AE2D-CF1860BA19E2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_4016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6A867F-E809-4CB5-82DB-2670CB0A6359",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61AF653C-DCD4-4B20-A555-71120F9A5BB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el proceso del servidor SSH de Cisco IOS XR Software podr\u00eda permitir a un atacante remoto autenticado sobrescribir y leer archivos arbitrario en el dispositivo local. Esta vulnerabilidad es debido a una insuficiente comprobaci\u00f3n de entrada de los argumentos suministrados por el usuario para un m\u00e9todo espec\u00edfico de transferencia de archivos. Un atacante con privilegios de nivel inferior podr\u00eda explotar esta vulnerabilidad al especificar par\u00e1metros del Protocolo de Copia Segura (SCP) cuando se autentifica en un dispositivo. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante elevar sus privilegios y recuperar y cargar archivos en un dispositivo al que no deber\u00eda tener acceso"
}
],
"id": "CVE-2021-34718",
"lastModified": "2024-11-21T06:11:02.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-09T05:15:11.103",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-13 17:15
Modified
2024-11-21 07:40
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device.
This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | ios_xr | * | |
| cisco | 8201 | - | |
| cisco | 8202 | - | |
| cisco | 8208 | - | |
| cisco | 8212 | - | |
| cisco | 8218 | - | |
| cisco | 8804 | - | |
| cisco | 8808 | - | |
| cisco | 8812 | - | |
| cisco | 8818 | - | |
| cisco | 8831 | - | |
| cisco | asr_9000 | - | |
| cisco | asr_9000v | - | |
| cisco | asr_9001 | - | |
| cisco | asr_9006 | - | |
| cisco | asr_9010 | - | |
| cisco | asr_9901 | - | |
| cisco | asr_9902 | - | |
| cisco | asr_9903 | - | |
| cisco | asr_9904 | - | |
| cisco | asr_9906 | - | |
| cisco | asr_9910 | - | |
| cisco | asr_9912 | - | |
| cisco | asr_9920 | - | |
| cisco | asr_9922 | - | |
| cisco | ncs_1001 | - | |
| cisco | ncs_1002 | - | |
| cisco | ncs_1004 | - | |
| cisco | ncs_4009 | - | |
| cisco | ncs_4016 | - | |
| cisco | ncs_4201 | - | |
| cisco | ncs_4202 | - | |
| cisco | ncs_4206 | - | |
| cisco | ncs_4216 | - | |
| cisco | ncs_5001 | - | |
| cisco | ncs_5002 | - | |
| cisco | ncs_5011 | - | |
| cisco | ncs_540 | - | |
| cisco | ncs_5500 | - | |
| cisco | ncs_5501 | - | |
| cisco | ncs_5501 | se | |
| cisco | ncs_5502 | - | |
| cisco | ncs_5502 | se | |
| cisco | ncs_5504 | - | |
| cisco | ncs_5508 | - | |
| cisco | ncs_5516 | - | |
| cisco | ncs_560 | - | |
| cisco | ncs_560-4 | - | |
| cisco | ncs_560-7 | - | |
| cisco | ncs_57b1-5dse-sys | - | |
| cisco | ncs_57b1-6d24-sys | - | |
| cisco | ncs_57c1-48q6-sys | - | |
| cisco | ncs_57c3-mod-sys | - | |
| cisco | ncs_57c3-mods-sys | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F31C819-2725-4295-8FF3-BA00A7A6BE92",
"versionEndExcluding": "7.10.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A34DAD43-0C95-4830-8078-EFE3E6C0A930",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8212:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F5CBF0-7F55-44C0-B321-896BDBA22679",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8218:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D381E343-416F-42AF-A780-D330954F238F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6655851F-58D9-49D9-A56E-8440A7F7BB45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED06361-5A68-4656-AEA5-240C290594CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8831:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE2514A1-486C-40F7-8746-56E2B973CBE6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FEF8271-315F-4756-931F-015F790BE693",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71BD158E-71D8-4DCA-8C09-F8AB7EF0EBDD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9902:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91474DBC-FB31-4DDF-96C5-311FA1D53A74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA241214-2F05-4360-9B50-385355E29CF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9920:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49E7ED87-8AC0-4107-A7A5-F334236E2906",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_4009:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F40E779D-5865-4E4B-AE2D-CF1860BA19E2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_4016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6A867F-E809-4CB5-82DB-2670CB0A6359",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_4201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41C5ECF8-EFFE-4C27-8DCB-2533BFD5200F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_4202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68C23248-3D61-4BAF-9602-BA31FB4374DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_4206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C36494B4-8E2D-4399-97B5-725792BD5C45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_4216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0819EF17-5102-45FF-96AD-85BE17FD6921",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98622F14-CC47-45E0-85E4-A7243309487C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D686F339-9406-4ADF-B124-C815D43E4CAA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:se:*:*:*:*:*:*:*",
"matchCriteriaId": "22FE69B4-DF27-46F1-8037-4B8D1F229C6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:se:*:*:*:*:*:*:*",
"matchCriteriaId": "603980FE-9865-4A71-A37C-A90B7F3B72D6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5504:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC4E089-296D-4C19-BF21-DDF2501DD77C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB01E968-E838-4D3C-B603-BF7E4E0F8A2C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08864A59-0840-4407-8D30-9CE34BAF05E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "355F78C3-C07F-48C3-9B6E-55714EAA7331",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57c3-mods-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F06B5D-6CE8-42C3-8760-89B4EF1FFC21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device.\r\n\r This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la funci\u00f3n de arranque iPXE del software Cisco IOS XR podr\u00eda permitir que un atacante local autenticado instale una imagen de software no verificada en un dispositivo afectado. Esta vulnerabilidad se debe a una verificaci\u00f3n de imagen insuficiente. Un atacante podr\u00eda aprovechar esta vulnerabilidad manipulando los par\u00e1metros de arranque para la verificaci\u00f3n de im\u00e1genes durante el proceso de arranque iPXE en un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante iniciar una imagen de software no verificada en el dispositivo afectado."
}
],
"id": "CVE-2023-20236",
"lastModified": "2024-11-21T07:40:57.700",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-13T17:15:09.607",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-04 03:15
Modified
2024-11-21 05:31
Severity ?
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Summary
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The vulnerability is due to incorrect mapping in the source code of task group assignments for a specific command. An attacker could exploit this vulnerability by issuing the command, which they should not be authorized to issue, on an affected device. A successful exploit could allow the attacker to invalidate the integrity of the disk and cause the device to restart. This vulnerability could allow a user with read permissions to issue a specific command that should require Administrator privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | ios_xr | * | |
| cisco | asr_9000v | - | |
| cisco | asr_9001 | - | |
| cisco | asr_9006 | - | |
| cisco | asr_9010 | - | |
| cisco | asr_9901 | - | |
| cisco | asr_9904 | - | |
| cisco | asr_9906 | - | |
| cisco | asr_9910 | - | |
| cisco | asr_9912 | - | |
| cisco | asr_9922 | - | |
| cisco | ncs_1001 | - | |
| cisco | ncs_1002 | - | |
| cisco | ncs_1004 | - | |
| cisco | ncs_5001 | - | |
| cisco | ncs_5002 | - | |
| cisco | ncs_5011 | - | |
| cisco | ncs_5501 | - | |
| cisco | ncs_5501-se | - | |
| cisco | ncs_5502 | - | |
| cisco | ncs_5502-se | - | |
| cisco | ncs_5508 | - | |
| cisco | ncs_5516 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A42D395-5212-4A00-BE32-6D806D032E67",
"versionEndExcluding": "7.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71BD158E-71D8-4DCA-8C09-F8AB7EF0EBDD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98622F14-CC47-45E0-85E4-A7243309487C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The vulnerability is due to incorrect mapping in the source code of task group assignments for a specific command. An attacker could exploit this vulnerability by issuing the command, which they should not be authorized to issue, on an affected device. A successful exploit could allow the attacker to invalidate the integrity of the disk and cause the device to restart. This vulnerability could allow a user with read permissions to issue a specific command that should require Administrator privileges."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la asignaci\u00f3n del grupo de tareas para un comando de la CLI espec\u00edfico en Cisco IOS XR Software podr\u00eda permitir a un atacante local autenticado ejecutar ese comando, aunque deber\u00edan ser requeridos privilegios administrativos. El atacante debe tener credenciales v\u00e1lidas en el dispositivo afectado. La vulnerabilidad es debido a una asignaci\u00f3n incorrecta en el c\u00f3digo fuente de las asignaciones de grupos de tareas para un comando espec\u00edfico. Un atacante podr\u00eda explotar esta vulnerabilidad mediante la emisi\u00f3n del comando, que no deber\u00eda estar autorizado para emitir, en un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante invalidar la integridad del disco y causar que el dispositivo se reinicie. Esta vulnerabilidad podr\u00eda permitir a un usuario con permisos de lectura emitir un comando espec\u00edfico que requerir\u00eda privilegios de Administrador"
}
],
"id": "CVE-2020-3530",
"lastModified": "2024-11-21T05:31:15.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 7.8,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 5.8,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 5.8,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-04T03:15:10.620",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cli-privescl-sDVEmhqv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cli-privescl-sDVEmhqv"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-09 05:15
Modified
2024-11-21 06:11
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000v-v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB91BE23-C710-473F-8E43-0E0DE760F8AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9902:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91474DBC-FB31-4DDF-96C5-311FA1D53A74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA241214-2F05-4360-9B50-385355E29CF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ios_xrv:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F39CC9A-297B-428A-82B4-BA0B83AA85CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ios_xrv_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE98C3E-67E2-43A3-AEA9-1575F2B93A78",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5249FE7A-FAAE-42C4-9250-DF4B2009F420",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540_fronthaul:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C17E4B-1B14-42F2-BCE6-2D5020625382",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB01E968-E838-4D3C-B603-BF7E4E0F8A2C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08864A59-0840-4407-8D30-9CE34BAF05E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98622F14-CC47-45E0-85E4-A7243309487C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_4009:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F40E779D-5865-4E4B-AE2D-CF1860BA19E2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_4016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6A867F-E809-4CB5-82DB-2670CB0A6359",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61AF653C-DCD4-4B20-A555-71120F9A5BB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E055F58F-F9FB-4B27-841E-61ECAB5F42B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B832863-E366-46ED-BC35-838762F0CE29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C3DDAC-7D0F-4D1D-9632-F001F2EB5D34",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "528BE0D3-E5ED-4836-B0D8-0C8508C5BDD7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6655851F-58D9-49D9-A56E-8440A7F7BB45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED06361-5A68-4656-AEA5-240C290594CD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en la CLI de Cisco IOS XR Software podr\u00edan permitir a un atacante local autenticado con una cuenta de bajo privilegio elevar los privilegios en un dispositivo afectado. Para conseguir m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Details de este aviso"
}
],
"id": "CVE-2021-34728",
"lastModified": "2024-11-21T06:11:03.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-09T05:15:11.870",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-26 05:15
Modified
2024-11-21 04:29
Severity ?
Summary
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54EA6C52-E541-4426-A3DF-2FA88CA28BA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BD9FC30-C073-4C63-8468-47DEF12A3875",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E9B8E1A6-A438-441D-ADA2-BE2BF837EAA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "BB7DD32E-B22D-4392-B255-5C3F9CD39F3E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7D9C475-6E5D-4AE9-A8D4-5B023C128A46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "910A1686-5B13-4D37-9C1F-2F0073D57E5F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AE8971-5003-4A39-8173-E17CE9C2523F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71BD158E-71D8-4DCA-8C09-F8AB7EF0EBDD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BD9FC30-C073-4C63-8468-47DEF12A3875",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E9B8E1A6-A438-441D-ADA2-BE2BF837EAA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "BB7DD32E-B22D-4392-B255-5C3F9CD39F3E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7D9C475-6E5D-4AE9-A8D4-5B023C128A46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "910A1686-5B13-4D37-9C1F-2F0073D57E5F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:crs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B051AF4-592A-4201-9DD3-8683C1847A00",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:xrv_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B529456-23DB-4917-A316-4CFC6AEC9964",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC7F758-5AB7-4A45-A889-BE9DD8D0474E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7987161E-E0C6-4BBB-91FC-F49A7F4AE6B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82AF763B-9299-4EDC-B42D-B83736839CA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BD9FC30-C073-4C63-8468-47DEF12A3875",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E9B8E1A6-A438-441D-ADA2-BE2BF837EAA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "BB7DD32E-B22D-4392-B255-5C3F9CD39F3E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7D9C475-6E5D-4AE9-A8D4-5B023C128A46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "910A1686-5B13-4D37-9C1F-2F0073D57E5F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7987161E-E0C6-4BBB-91FC-F49A7F4AE6B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:xrv_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B529456-23DB-4917-A316-4CFC6AEC9964",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim\u0027s BGP network on an existing, valid TCP connection to a BGP peer."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en la implementaci\u00f3n de la funcionalidad Border Gateway Protocol (BGP) Ethernet VPN (EVPN) en Cisco IOS XR Software, podr\u00edan permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Las vulnerabilidades son debido al procesamiento incorrecto de los mensajes de actualizaci\u00f3n de BGP que contienen atributos EVPN dise\u00f1ados. Un atacante podr\u00eda explotar estas vulnerabilidades mediante el env\u00edo de mensajes de actualizaci\u00f3n de BGP EVPN con atributos malformados para ser procesados ??por un sistema afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar que el proceso BGP se reinicie inesperadamente, resultando en una condici\u00f3n DoS. La implementaci\u00f3n de Cisco de BGP acepta el tr\u00e1fico de BGP entrante solo desde peers definidos expl\u00edcitamente. Para explotar estas vulnerabilidades, el mensaje de actualizaci\u00f3n de BGP malicioso necesitar\u00eda venir desde un peer de BGP v\u00e1lido y configurado, o necesitar\u00eda ser inyectado por parte del atacante en la red de BGP de la v\u00edctima en una conexi\u00f3n TCP v\u00e1lida y existente a un peer de BGP."
}
],
"id": "CVE-2019-16022",
"lastModified": "2024-11-21T04:29:56.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-26T05:15:16.193",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-09 05:15
Modified
2024-11-21 06:11
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | ios_xr | * | |
| cisco | ios_xr | * | |
| cisco | asr_9000v-v2 | - | |
| cisco | asr_9001 | - | |
| cisco | asr_9006 | - | |
| cisco | asr_9010 | - | |
| cisco | asr_9901 | - | |
| cisco | asr_9902 | - | |
| cisco | asr_9903 | - | |
| cisco | asr_9904 | - | |
| cisco | asr_9906 | - | |
| cisco | asr_9910 | - | |
| cisco | asr_9912 | - | |
| cisco | asr_9922 | - | |
| cisco | ios_xr | * | |
| cisco | ios_xr | * | |
| cisco | ios_xrv | - | |
| cisco | ios_xrv_9000 | - | |
| cisco | ios_xr | * | |
| cisco | ios_xr | * | |
| cisco | ncs_520 | - | |
| cisco | ncs_540 | - | |
| cisco | ncs_540_fronthaul | - | |
| cisco | ncs_560-4 | - | |
| cisco | ncs_560-7 | - | |
| cisco | ios_xr | * | |
| cisco | ios_xr | * | |
| cisco | ncs_5001 | - | |
| cisco | ncs_5002 | - | |
| cisco | ncs_5011 | - | |
| cisco | ios_xr | * | |
| cisco | ios_xr | * | |
| cisco | ncs_5501 | - | |
| cisco | ncs_5501-se | - | |
| cisco | ncs_5502 | - | |
| cisco | ncs_5502-se | - | |
| cisco | ncs_5508 | - | |
| cisco | ncs_5516 | - | |
| cisco | ios_xr | * | |
| cisco | ios_xr | * | |
| cisco | ncs_6000 | - | |
| cisco | ncs_6008 | - | |
| cisco | ios_xr | * | |
| cisco | ios_xr | * | |
| cisco | ncs_1001 | - | |
| cisco | ncs_1002 | - | |
| cisco | ncs_1004 | - | |
| cisco | ios_xr | * | |
| cisco | ios_xr | * | |
| cisco | 8101-32fh | - | |
| cisco | 8101-32h | - | |
| cisco | 8102-64h | - | |
| cisco | 8201 | - | |
| cisco | 8201-32fh | - | |
| cisco | 8202 | - | |
| cisco | 8804 | - | |
| cisco | 8808 | - | |
| cisco | 8812 | - | |
| cisco | 8818 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "908B6BB7-630C-4B3B-94EF-F910D8D2FF8C",
"versionEndIncluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000v-v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB91BE23-C710-473F-8E43-0E0DE760F8AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9902:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91474DBC-FB31-4DDF-96C5-311FA1D53A74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA241214-2F05-4360-9B50-385355E29CF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "908B6BB7-630C-4B3B-94EF-F910D8D2FF8C",
"versionEndIncluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ios_xrv:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F39CC9A-297B-428A-82B4-BA0B83AA85CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ios_xrv_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE98C3E-67E2-43A3-AEA9-1575F2B93A78",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5249FE7A-FAAE-42C4-9250-DF4B2009F420",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540_fronthaul:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C17E4B-1B14-42F2-BCE6-2D5020625382",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB01E968-E838-4D3C-B603-BF7E4E0F8A2C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08864A59-0840-4407-8D30-9CE34BAF05E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98622F14-CC47-45E0-85E4-A7243309487C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61AF653C-DCD4-4B20-A555-71120F9A5BB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E055F58F-F9FB-4B27-841E-61ECAB5F42B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B832863-E366-46ED-BC35-838762F0CE29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C3DDAC-7D0F-4D1D-9632-F001F2EB5D34",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "528BE0D3-E5ED-4836-B0D8-0C8508C5BDD7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6655851F-58D9-49D9-A56E-8440A7F7BB45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED06361-5A68-4656-AEA5-240C290594CD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory."
},
{
"lang": "es",
"value": "Varias vulnerabilidades en la CLI de Cisco IOS XR Software podr\u00edan permitir a un atacante local autenticado conseguir acceso al shell root subyacente de un dispositivo afectado y ejecutar comandos arbitrario con privilegios de root. Para conseguir m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Details de este aviso"
}
],
"id": "CVE-2021-34721",
"lastModified": "2024-11-21T06:11:02.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-09T05:15:11.677",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-23 01:15
Modified
2024-11-21 04:29
Severity ?
Summary
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | ios_xr | 6.6.1 | |
| cisco | asr_9000 | - | |
| cisco | asr_9010 | - | |
| cisco | asr_9904 | - | |
| cisco | asr_9910 | - | |
| cisco | asr_9912 | - | |
| cisco | asr_9922 | - | |
| cisco | ncs_540 | - | |
| cisco | ncs_5500 | - | |
| cisco | ncs_6000 | - | |
| cisco | ios_xr | 6.6.2 | |
| cisco | asr_9000 | - | |
| cisco | asr_9000 | - | |
| cisco | asr_9010 | - | |
| cisco | asr_9010 | - | |
| cisco | asr_9904 | - | |
| cisco | asr_9904 | - | |
| cisco | asr_9910 | - | |
| cisco | asr_9910 | - | |
| cisco | asr_9912 | - | |
| cisco | asr_9912 | - | |
| cisco | asr_9922 | - | |
| cisco | asr_9922 | - | |
| cisco | carrier_routing_system | - | |
| cisco | ios_xrv_9000 | - | |
| cisco | ncs_5001 | - | |
| cisco | ncs_5002 | - | |
| cisco | ncs_5011 | - | |
| cisco | ncs_540 | - | |
| cisco | ncs_5500 | - | |
| cisco | ncs_6000 | - | |
| cisco | ios_xr | 6.6.25 | |
| cisco | ncs_540 | - | |
| cisco | ncs_540l | - | |
| cisco | ncs_5500 | - | |
| cisco | ncs_560 | - | |
| cisco | ios_xr | 7.0.1 | |
| cisco | asr_9000 | - | |
| cisco | asr_9010 | - | |
| cisco | asr_9904 | - | |
| cisco | asr_9910 | - | |
| cisco | asr_9912 | - | |
| cisco | asr_9922 | - | |
| cisco | ios_xrv_9000 | - | |
| cisco | ncs_1001 | - | |
| cisco | ncs_1002 | - | |
| cisco | ncs_1004 | - | |
| cisco | ncs_5001 | - | |
| cisco | ncs_5002 | - | |
| cisco | ncs_5011 | - | |
| cisco | ncs_540 | - | |
| cisco | ncs_540l | - | |
| cisco | ncs_5500 | - | |
| cisco | ncs_560 | - | |
| cisco | ncs_6000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54EA6C52-E541-4426-A3DF-2FA88CA28BA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1E82A9DB-C7ED-4BD9-8BAA-71928A23485C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D686F339-9406-4ADF-B124-C815D43E4CAA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AE8971-5003-4A39-8173-E17CE9C2523F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000:-:*:*:*:*:*:-:*",
"matchCriteriaId": "A15B6B59-E90B-43A8-B4E7-3718FE6990AE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9000:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1E82A9DB-C7ED-4BD9-8BAA-71928A23485C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:-:*",
"matchCriteriaId": "A50A1CA4-F928-4787-ADB4-0274301B7EF6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:-:*",
"matchCriteriaId": "9FF5102C-3163-48F1-8D44-352D6715288D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:-:*",
"matchCriteriaId": "7FA1F27F-3265-482D-AD31-BCB300419526",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:-:*",
"matchCriteriaId": "6D1A5E2E-1CF6-4E3D-A474-9AA26758E574",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:-:*",
"matchCriteriaId": "3AE8FA9B-C71B-42AE-94B2-580F505BC17F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:carrier_routing_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58042C12-8C73-4FD2-B9D5-BD895C442C50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ios_xrv_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE98C3E-67E2-43A3-AEA9-1575F2B93A78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98622F14-CC47-45E0-85E4-A7243309487C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D686F339-9406-4ADF-B124-C815D43E4CAA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC7F758-5AB7-4A45-A889-BE9DD8D0474E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7987161E-E0C6-4BBB-91FC-F49A7F4AE6B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D686F339-9406-4ADF-B124-C815D43E4CAA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82AF763B-9299-4EDC-B42D-B83736839CA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1E82A9DB-C7ED-4BD9-8BAA-71928A23485C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ios_xrv_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE98C3E-67E2-43A3-AEA9-1575F2B93A78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98622F14-CC47-45E0-85E4-A7243309487C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7987161E-E0C6-4BBB-91FC-F49A7F4AE6B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D686F339-9406-4ADF-B124-C815D43E4CAA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim\u0027s BGP network on an existing, valid TCP connection to a BGP peer."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en la implementaci\u00f3n de la funcionalidad Border Gateway Protocol (BGP) Ethernet VPN (EVPN) en Cisco IOS XR Software, podr\u00edan permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS).\u0026#xa0;Las vulnerabilidades son debido al procesamiento incorrecto de los mensajes de actualizaci\u00f3n de BGP que contienen atributos EVPN dise\u00f1ados.\u0026#xa0;Un atacante podr\u00eda explotar estas vulnerabilidades mediante el env\u00edo de mensajes de actualizaci\u00f3n de BGP EVPN con atributos malformados para que sean procesados por un sistema afectado.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante causar que el proceso BGP se reinicie inesperadamente, resultando en una condici\u00f3n DoS.\u0026#xa0;La implementaci\u00f3n de Cisco de BGP acepta tr\u00e1fico BGP entrante solo de peers definidos expl\u00edcitamente.\u0026#xa0;Para explotar estas vulnerabilidades, el mensaje de actualizaci\u00f3n de BGP malicioso necesitar\u00eda provenir de un peer BGP v\u00e1lido configurado, o necesitar\u00eda ser inyectado por el atacante en la red BGP de la v\u00edctima en una conexi\u00f3n TCP v\u00e1lida existente para un peer BGP"
}
],
"id": "CVE-2019-16019",
"lastModified": "2024-11-21T04:29:56.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-23T01:15:13.847",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-26 14:15
Modified
2024-11-21 06:43
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | ios_xr | - | |
| cisco | 8201 | - | |
| cisco | 8202 | - | |
| cisco | 8208 | - | |
| cisco | 8212 | - | |
| cisco | 8218 | - | |
| cisco | ncs-55a1-24h | - | |
| cisco | ncs-55a1-24q6h-s | - | |
| cisco | ncs-55a1-36h-s | - | |
| cisco | ncs-55a1-36h-se | - | |
| cisco | ncs-55a1-36h-se-s | - | |
| cisco | ncs-55a2-mod-hd-s | - | |
| cisco | ncs-55a2-mod-hx-s | - | |
| cisco | ncs-55a2-mod-s | - | |
| cisco | ncs-55a2-mod-se-h-s | - | |
| cisco | ncs-55a2-mod-se-s | - | |
| cisco | ncs_1001 | - | |
| cisco | ncs_1002 | - | |
| cisco | ncs_1004 | - | |
| cisco | ncs_5001 | - | |
| cisco | ncs_5002 | - | |
| cisco | ncs_5501-se | - | |
| cisco | ncs_5502-se | - | |
| cisco | ncs_5504 | - | |
| cisco | ncs_5508 | - | |
| cisco | ncs_5516 | - | |
| cisco | ncs_55a1 | - | |
| cisco | ncs_55a2 | - |
{
"cisaActionDue": "2022-06-13",
"cisaExploitAdd": "2022-05-23",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Cisco IOS XR Open Port Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92587AA0-BDB6-4594-8F14-DC2A91FA4CD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A34DAD43-0C95-4830-8078-EFE3E6C0A930",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8212:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F5CBF0-7F55-44C0-B321-896BDBA22679",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8218:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D381E343-416F-42AF-A780-D330954F238F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs-55a1-24h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D61548-61B4-4B53-8574-9DB92B00A627",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs-55a1-24q6h-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74C8E3C6-282B-4394-A077-DF8694F7E55D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs-55a1-36h-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FF08FAF-67DD-4361-947A-40D5938DB8BA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs-55a1-36h-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CE2AD36-5D52-4489-AAC1-A7AC1B3D2581",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs-55a1-36h-se-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14E948CF-9891-4AC8-8734-9C121B611722",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs-55a2-mod-hd-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A95FEA95-703B-44E0-A7CA-9E38B2EB1980",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs-55a2-mod-hx-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D37BF94-9D5F-4A88-8115-3A88FF144845",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs-55a2-mod-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C33F0D81-1314-440B-9FC2-56D76CA4CD79",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs-55a2-mod-se-h-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E50806D-115D-4903-A5B2-62654FFDD9F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs-55a2-mod-se-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15AE071E-0CEF-4305-A92D-9F4C324BD4ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5504:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC4E089-296D-4C19-BF21-DDF2501DD77C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B51897CC-4FBF-4C99-BB69-2C528E392FE7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63ED034E-5A46-44A8-9101-8ACD6D334FF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el RPM de comprobaci\u00f3n de salud del software Cisco IOS XR podr\u00eda permitir a un atacante remoto no autenticado acceder a la instancia de Redis que es ejecutado dentro del contenedor NOSi. Esta vulnerabilidad se presenta porque el RPM de comprobaci\u00f3n de salud abre el puerto TCP 6379 por defecto al activarse. Un atacante podr\u00eda explotar esta vulnerabilidad al conectarse a la instancia de Redis en el puerto abierto. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante escribir en la base de datos en memoria de Redis, escribir archivos arbitrarios en el sistema de archivos del contenedor y recuperar informaci\u00f3n sobre la base de datos de Redis. Dada la configuraci\u00f3n del contenedor con sandbox en el que es ejecutada la instancia de Redis, un atacante remoto no podr\u00eda ejecutar c\u00f3digo remoto ni abusar de la integridad del sistema anfitri\u00f3n del software Cisco IOS XR"
}
],
"id": "CVE-2022-20821",
"lastModified": "2024-11-21T06:43:37.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-26T14:15:08.123",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-09 05:15
Modified
2024-11-21 06:11
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a denial of service (DoS) condition. This vulnerability exists because socket creation failures are mishandled during the IP SLA and TWAMP processes. An attacker could exploit this vulnerability by sending specific IP SLA or TWAMP packets to an affected device. A successful exploit could allow the attacker to exhaust the packet memory, which will impact other processes, such as routing protocols, or crash the IP SLA process.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C3C4D0F-CAF7-44E8-9B7E-E45D00457A75",
"versionEndExcluding": "6.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D19A362A-DF30-4B02-832E-FB5389C9400E",
"versionEndExcluding": "6.3.2",
"versionStartIncluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFB34B7-8C3B-4C5F-8521-B6EAE9CBFBEA",
"versionEndExcluding": "7.2.2",
"versionStartIncluding": "6.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000v-v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB91BE23-C710-473F-8E43-0E0DE760F8AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9902:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91474DBC-FB31-4DDF-96C5-311FA1D53A74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA241214-2F05-4360-9B50-385355E29CF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C3C4D0F-CAF7-44E8-9B7E-E45D00457A75",
"versionEndExcluding": "6.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D19A362A-DF30-4B02-832E-FB5389C9400E",
"versionEndExcluding": "6.3.2",
"versionStartIncluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFB34B7-8C3B-4C5F-8521-B6EAE9CBFBEA",
"versionEndExcluding": "7.2.2",
"versionStartIncluding": "6.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ios_xrv:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F39CC9A-297B-428A-82B4-BA0B83AA85CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ios_xrv_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE98C3E-67E2-43A3-AEA9-1575F2B93A78",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C3C4D0F-CAF7-44E8-9B7E-E45D00457A75",
"versionEndExcluding": "6.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D19A362A-DF30-4B02-832E-FB5389C9400E",
"versionEndExcluding": "6.3.2",
"versionStartIncluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFB34B7-8C3B-4C5F-8521-B6EAE9CBFBEA",
"versionEndExcluding": "7.2.2",
"versionStartIncluding": "6.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5249FE7A-FAAE-42C4-9250-DF4B2009F420",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540_fronthaul:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C17E4B-1B14-42F2-BCE6-2D5020625382",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB01E968-E838-4D3C-B603-BF7E4E0F8A2C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08864A59-0840-4407-8D30-9CE34BAF05E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C3C4D0F-CAF7-44E8-9B7E-E45D00457A75",
"versionEndExcluding": "6.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D19A362A-DF30-4B02-832E-FB5389C9400E",
"versionEndExcluding": "6.3.2",
"versionStartIncluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFB34B7-8C3B-4C5F-8521-B6EAE9CBFBEA",
"versionEndExcluding": "7.2.2",
"versionStartIncluding": "6.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98622F14-CC47-45E0-85E4-A7243309487C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C3C4D0F-CAF7-44E8-9B7E-E45D00457A75",
"versionEndExcluding": "6.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D19A362A-DF30-4B02-832E-FB5389C9400E",
"versionEndExcluding": "6.3.2",
"versionStartIncluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFB34B7-8C3B-4C5F-8521-B6EAE9CBFBEA",
"versionEndExcluding": "7.2.2",
"versionStartIncluding": "6.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_4009:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F40E779D-5865-4E4B-AE2D-CF1860BA19E2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_4016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6A867F-E809-4CB5-82DB-2670CB0A6359",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C3C4D0F-CAF7-44E8-9B7E-E45D00457A75",
"versionEndExcluding": "6.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D19A362A-DF30-4B02-832E-FB5389C9400E",
"versionEndExcluding": "6.3.2",
"versionStartIncluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFB34B7-8C3B-4C5F-8521-B6EAE9CBFBEA",
"versionEndExcluding": "7.2.2",
"versionStartIncluding": "6.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C3C4D0F-CAF7-44E8-9B7E-E45D00457A75",
"versionEndExcluding": "6.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D19A362A-DF30-4B02-832E-FB5389C9400E",
"versionEndExcluding": "6.3.2",
"versionStartIncluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFB34B7-8C3B-4C5F-8521-B6EAE9CBFBEA",
"versionEndExcluding": "7.2.2",
"versionStartIncluding": "6.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61AF653C-DCD4-4B20-A555-71120F9A5BB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C3C4D0F-CAF7-44E8-9B7E-E45D00457A75",
"versionEndExcluding": "6.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D19A362A-DF30-4B02-832E-FB5389C9400E",
"versionEndExcluding": "6.3.2",
"versionStartIncluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFB34B7-8C3B-4C5F-8521-B6EAE9CBFBEA",
"versionEndExcluding": "7.2.2",
"versionStartIncluding": "6.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C3C4D0F-CAF7-44E8-9B7E-E45D00457A75",
"versionEndExcluding": "6.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D19A362A-DF30-4B02-832E-FB5389C9400E",
"versionEndExcluding": "6.3.2",
"versionStartIncluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFB34B7-8C3B-4C5F-8521-B6EAE9CBFBEA",
"versionEndExcluding": "7.2.2",
"versionStartIncluding": "6.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E055F58F-F9FB-4B27-841E-61ECAB5F42B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B832863-E366-46ED-BC35-838762F0CE29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C3DDAC-7D0F-4D1D-9632-F001F2EB5D34",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "528BE0D3-E5ED-4836-B0D8-0C8508C5BDD7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6655851F-58D9-49D9-A56E-8440A7F7BB45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED06361-5A68-4656-AEA5-240C290594CD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a denial of service (DoS) condition. This vulnerability exists because socket creation failures are mishandled during the IP SLA and TWAMP processes. An attacker could exploit this vulnerability by sending specific IP SLA or TWAMP packets to an affected device. A successful exploit could allow the attacker to exhaust the packet memory, which will impact other processes, such as routing protocols, or crash the IP SLA process."
},
{
"lang": "es",
"value": "Una vulnerabilidad en las funciones de respuesta de los Acuerdos de Nivel de Servicio IP (IP SLA) y del Protocolo de Medici\u00f3n Activa de Dos V\u00edas (TWAMP) de Cisco IOS XR Software podr\u00eda permitir a un atacante remoto no autenticado causar el agotamiento de la memoria de paquetes del dispositivo o causar el bloqueo del proceso IP SLA, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad Se presenta porque los fallos en la creaci\u00f3n de sockets son manejados inapropiadamente durante los procesos IP SLA y TWAMP. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de paquetes espec\u00edficos de IP SLA o TWAMP a un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante agotar la memoria de paquetes, lo que afectar\u00eda a otros procesos, como los protocolos de enrutamiento, o bloquear\u00eda el proceso IP SLA"
}
],
"id": "CVE-2021-34720",
"lastModified": "2024-11-21T06:11:02.663",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-09T05:15:11.463",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-ZA3SRrpP"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-ZA3SRrpP"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-771"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-23 01:15
Modified
2024-11-21 04:29
Severity ?
Summary
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | ios_xr | 6.6.1 | |
| cisco | asr_9000 | - | |
| cisco | asr_9010 | - | |
| cisco | asr_9904 | - | |
| cisco | asr_9910 | - | |
| cisco | asr_9912 | - | |
| cisco | asr_9922 | - | |
| cisco | ncs_540 | - | |
| cisco | ncs_5500 | - | |
| cisco | ncs_6000 | - | |
| cisco | ios_xr | 6.6.2 | |
| cisco | asr_9000 | - | |
| cisco | asr_9000 | - | |
| cisco | asr_9010 | - | |
| cisco | asr_9010 | - | |
| cisco | asr_9904 | - | |
| cisco | asr_9904 | - | |
| cisco | asr_9910 | - | |
| cisco | asr_9910 | - | |
| cisco | asr_9912 | - | |
| cisco | asr_9912 | - | |
| cisco | asr_9922 | - | |
| cisco | asr_9922 | - | |
| cisco | carrier_routing_system | - | |
| cisco | ios_xrv_9000 | - | |
| cisco | ncs_5001 | - | |
| cisco | ncs_5002 | - | |
| cisco | ncs_5011 | - | |
| cisco | ncs_540 | - | |
| cisco | ncs_5500 | - | |
| cisco | ncs_6000 | - | |
| cisco | ios_xr | 6.6.25 | |
| cisco | ncs_540 | - | |
| cisco | ncs_540l | - | |
| cisco | ncs_5500 | - | |
| cisco | ncs_560 | - | |
| cisco | ios_xr | 7.0.1 | |
| cisco | asr_9000 | - | |
| cisco | asr_9010 | - | |
| cisco | asr_9904 | - | |
| cisco | asr_9910 | - | |
| cisco | asr_9912 | - | |
| cisco | asr_9922 | - | |
| cisco | ios_xrv_9000 | - | |
| cisco | ncs_1001 | - | |
| cisco | ncs_1002 | - | |
| cisco | ncs_1004 | - | |
| cisco | ncs_5001 | - | |
| cisco | ncs_5002 | - | |
| cisco | ncs_5011 | - | |
| cisco | ncs_540 | - | |
| cisco | ncs_540l | - | |
| cisco | ncs_5500 | - | |
| cisco | ncs_560 | - | |
| cisco | ncs_6000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54EA6C52-E541-4426-A3DF-2FA88CA28BA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1E82A9DB-C7ED-4BD9-8BAA-71928A23485C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D686F339-9406-4ADF-B124-C815D43E4CAA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AE8971-5003-4A39-8173-E17CE9C2523F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000:-:*:*:*:*:*:-:*",
"matchCriteriaId": "A15B6B59-E90B-43A8-B4E7-3718FE6990AE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9000:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1E82A9DB-C7ED-4BD9-8BAA-71928A23485C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:-:*",
"matchCriteriaId": "A50A1CA4-F928-4787-ADB4-0274301B7EF6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:-:*",
"matchCriteriaId": "9FF5102C-3163-48F1-8D44-352D6715288D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:-:*",
"matchCriteriaId": "7FA1F27F-3265-482D-AD31-BCB300419526",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:-:*",
"matchCriteriaId": "6D1A5E2E-1CF6-4E3D-A474-9AA26758E574",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:-:*",
"matchCriteriaId": "3AE8FA9B-C71B-42AE-94B2-580F505BC17F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:carrier_routing_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58042C12-8C73-4FD2-B9D5-BD895C442C50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ios_xrv_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE98C3E-67E2-43A3-AEA9-1575F2B93A78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98622F14-CC47-45E0-85E4-A7243309487C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D686F339-9406-4ADF-B124-C815D43E4CAA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC7F758-5AB7-4A45-A889-BE9DD8D0474E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7987161E-E0C6-4BBB-91FC-F49A7F4AE6B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D686F339-9406-4ADF-B124-C815D43E4CAA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82AF763B-9299-4EDC-B42D-B83736839CA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1E82A9DB-C7ED-4BD9-8BAA-71928A23485C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ios_xrv_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE98C3E-67E2-43A3-AEA9-1575F2B93A78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98622F14-CC47-45E0-85E4-A7243309487C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7987161E-E0C6-4BBB-91FC-F49A7F4AE6B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D686F339-9406-4ADF-B124-C815D43E4CAA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim\u0027s BGP network on an existing, valid TCP connection to a BGP peer."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en la implementaci\u00f3n de la funcionalidad de Border Gateway Protocol (BGP) Ethernet VPN (EVPN) en Cisco IOS XR Software, podr\u00edan permitir a un atacante no autenticado remoto causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS).\u0026#xa0;Las vulnerabilidades son debido al procesamiento incorrecto de los mensajes de actualizaci\u00f3n de BGP que contienen atributos EVPN dise\u00f1ados.\u0026#xa0;Un atacante podr\u00eda explotar estas vulnerabilidades mediante el env\u00edo de mensajes de actualizaci\u00f3n de BGP EVPN con atributos malformados para que sean procesados por un sistema afectado.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante causar que el proceso BGP se reiniciara inesperadamente, resultando en una condici\u00f3n DoS.\u0026#xa0;La implementaci\u00f3n de Cisco de BGP acepta tr\u00e1fico BGP entrante solo de peers definidos expl\u00edcitamente.\u0026#xa0;Para explotar estas vulnerabilidades, el mensaje de actualizaci\u00f3n de BGP malicioso deber\u00eda provenir de un peer BGP v\u00e1lido configurado, o necesitar\u00eda ser inyectado por el atacante en la red BGP de la v\u00edctima en una conexi\u00f3n TCP v\u00e1lida existente a un peer BGP"
}
],
"id": "CVE-2019-16023",
"lastModified": "2024-11-21T04:29:56.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-23T01:15:14.037",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-04 17:15
Modified
2024-11-21 05:43
Severity ?
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software incorrectly forwards IPv6 packets that have an IPv6 node-local multicast group address destination and are received on the management interfaces. An attacker could exploit this vulnerability by connecting to the same network as the management interfaces and injecting IPv6 packets that have an IPv6 node-local multicast group address destination. A successful exploit could allow the attacker to cause an IPv6 flood on the corresponding network. Depending on the number of Cisco IOS XR Software nodes on that network segment, exploitation could cause excessive network traffic, resulting in network degradation or a denial of service (DoS) condition.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51C3061D-B020-4F38-A0DE-67DDAAFC269E",
"versionEndExcluding": "6.7.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "010C84AB-7633-4A88-8938-7158EFC1E01C",
"versionEndExcluding": "7.1.3",
"versionStartIncluding": "7.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2EA0CDB4-13C5-48BC-B3F5-36F8E2BD8DA1",
"versionEndExcluding": "7.2.2",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "323C8DEE-3009-4D8D-A63F-873D2432F3A4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software incorrectly forwards IPv6 packets that have an IPv6 node-local multicast group address destination and are received on the management interfaces. An attacker could exploit this vulnerability by connecting to the same network as the management interfaces and injecting IPv6 packets that have an IPv6 node-local multicast group address destination. A successful exploit could allow the attacker to cause an IPv6 flood on the corresponding network. Depending on the number of Cisco IOS XR Software nodes on that network segment, exploitation could cause excessive network traffic, resulting in network degradation or a denial of service (DoS) condition."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el manejo del protocolo IPv6 de las interfaces de administraci\u00f3n del Software Cisco IOS XR, podr\u00eda permitir a un atacante adyacente no autenticado causar una inundaci\u00f3n de IPv6 en la red de la interfaz de administraci\u00f3n de un dispositivo afectado.\u0026#xa0;La vulnerabilidad se presenta porque el software reenv\u00eda incorrectamente paquetes IPv6 que contienen un destino de direcci\u00f3n de grupo de multidifusi\u00f3n local de nodo IPv6 y son recibidos en las interfaces de administraci\u00f3n.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad al conectarse a la misma red que las interfaces de administraci\u00f3n e inyectando paquetes IPv6 que contienen un destino de direcci\u00f3n de grupo de multidifusi\u00f3n local de nodo IPv6.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar una inundaci\u00f3n de IPv6 en la red correspondiente.\u0026#xa0;Dependiendo de la cantidad de nodos del Software Cisco IOS XR, en ese segmento de red, la explotaci\u00f3n podr\u00eda causar un tr\u00e1fico de red excesivo, resultando en una degradaci\u00f3n de la red o una condici\u00f3n de denegaci\u00f3n de servicio (DoS)"
}
],
"id": "CVE-2021-1268",
"lastModified": "2024-11-21T05:43:58.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-04T17:15:14.967",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xripv6-spJem78K"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xripv6-spJem78K"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1076"
}
],
"source": "ykramarz@cisco.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-26 05:15
Modified
2024-11-21 04:29
Severity ?
Summary
A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes’ status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54EA6C52-E541-4426-A3DF-2FA88CA28BA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BD9FC30-C073-4C63-8468-47DEF12A3875",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E9B8E1A6-A438-441D-ADA2-BE2BF837EAA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "BB7DD32E-B22D-4392-B255-5C3F9CD39F3E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7D9C475-6E5D-4AE9-A8D4-5B023C128A46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "910A1686-5B13-4D37-9C1F-2F0073D57E5F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AE8971-5003-4A39-8173-E17CE9C2523F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71BD158E-71D8-4DCA-8C09-F8AB7EF0EBDD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BD9FC30-C073-4C63-8468-47DEF12A3875",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E9B8E1A6-A438-441D-ADA2-BE2BF837EAA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "BB7DD32E-B22D-4392-B255-5C3F9CD39F3E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7D9C475-6E5D-4AE9-A8D4-5B023C128A46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "910A1686-5B13-4D37-9C1F-2F0073D57E5F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:crs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B051AF4-592A-4201-9DD3-8683C1847A00",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:xrv_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B529456-23DB-4917-A316-4CFC6AEC9964",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC7F758-5AB7-4A45-A889-BE9DD8D0474E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7987161E-E0C6-4BBB-91FC-F49A7F4AE6B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82AF763B-9299-4EDC-B42D-B83736839CA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BD9FC30-C073-4C63-8468-47DEF12A3875",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E9B8E1A6-A438-441D-ADA2-BE2BF837EAA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "BB7DD32E-B22D-4392-B255-5C3F9CD39F3E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7D9C475-6E5D-4AE9-A8D4-5B023C128A46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "910A1686-5B13-4D37-9C1F-2F0073D57E5F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7987161E-E0C6-4BBB-91FC-F49A7F4AE6B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:xrv_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B529456-23DB-4917-A316-4CFC6AEC9964",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes\u0026rsquo; status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim\u0027s BGP network on an existing, valid TCP connection to a BGP peer."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la implementaci\u00f3n de la funcionalidad Border Gateway Protocol (BGP) Ethernet VPN (EVPN) en Cisco IOS XR Software, podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad es debido al procesamiento incorrecto de un mensaje de actualizaci\u00f3n de BGP que contiene atributos EVPN dise\u00f1ados. Un atacante podr\u00eda explotar indirectamente la vulnerabilidad mediante el env\u00edo de mensajes de actualizaci\u00f3n de BGP EVPN con un atributo espec\u00edfico malformado hacia un sistema afectado y esperar a que un usuario en el dispositivo despliegue el estado operativo routes\u2019 de EVPN. Si tiene \u00e9xito, el atacante podr\u00eda causar que el proceso BGP se reinicie inesperadamente, resultando en una condici\u00f3n DoS. La implementaci\u00f3n de Cisco de BGP acepta el tr\u00e1fico de BGP entrante solo desde peers definidos expl\u00edcitamente. Para explotar esta vulnerabilidad, el mensaje de actualizaci\u00f3n de BGP malicioso necesitar\u00eda venir desde un peer de BGP v\u00e1lido y configurado, o necesitar\u00eda ser inyectado por parte del atacante en la red de BGP de la v\u00edctima en una conexi\u00f3n TCP v\u00e1lida y existente a un peer de BGP."
}
],
"id": "CVE-2019-16018",
"lastModified": "2024-11-21T04:29:56.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-26T05:15:14.413",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-routes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-routes"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-26 05:15
Modified
2024-11-21 04:29
Severity ?
Summary
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54EA6C52-E541-4426-A3DF-2FA88CA28BA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BD9FC30-C073-4C63-8468-47DEF12A3875",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E9B8E1A6-A438-441D-ADA2-BE2BF837EAA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "BB7DD32E-B22D-4392-B255-5C3F9CD39F3E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7D9C475-6E5D-4AE9-A8D4-5B023C128A46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "910A1686-5B13-4D37-9C1F-2F0073D57E5F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AE8971-5003-4A39-8173-E17CE9C2523F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71BD158E-71D8-4DCA-8C09-F8AB7EF0EBDD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BD9FC30-C073-4C63-8468-47DEF12A3875",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E9B8E1A6-A438-441D-ADA2-BE2BF837EAA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "BB7DD32E-B22D-4392-B255-5C3F9CD39F3E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7D9C475-6E5D-4AE9-A8D4-5B023C128A46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "910A1686-5B13-4D37-9C1F-2F0073D57E5F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:crs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B051AF4-592A-4201-9DD3-8683C1847A00",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:xrv_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B529456-23DB-4917-A316-4CFC6AEC9964",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC7F758-5AB7-4A45-A889-BE9DD8D0474E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7987161E-E0C6-4BBB-91FC-F49A7F4AE6B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82AF763B-9299-4EDC-B42D-B83736839CA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BD9FC30-C073-4C63-8468-47DEF12A3875",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E9B8E1A6-A438-441D-ADA2-BE2BF837EAA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "BB7DD32E-B22D-4392-B255-5C3F9CD39F3E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7D9C475-6E5D-4AE9-A8D4-5B023C128A46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "910A1686-5B13-4D37-9C1F-2F0073D57E5F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7987161E-E0C6-4BBB-91FC-F49A7F4AE6B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:xrv_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B529456-23DB-4917-A316-4CFC6AEC9964",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim\u0027s BGP network on an existing, valid TCP connection to a BGP peer."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en la implementaci\u00f3n de la funcionalidad Border Gateway Protocol (BGP) Ethernet VPN (EVPN) en Cisco IOS XR Software, podr\u00edan permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Las vulnerabilidades son debido al procesamiento incorrecto de los mensajes de actualizaci\u00f3n de BGP que contienen atributos EVPN dise\u00f1ados. Un atacante podr\u00eda explotar estas vulnerabilidades mediante el env\u00edo de mensajes de actualizaci\u00f3n de BGP EVPN con atributos malformados para ser procesados ??por un sistema afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar que el proceso BGP se reinicie inesperadamente, resultando en una condici\u00f3n DoS. La implementaci\u00f3n de Cisco de BGP acepta el tr\u00e1fico de BGP entrante solo desde peers definidos expl\u00edcitamente. Para explotar estas vulnerabilidades, el mensaje de actualizaci\u00f3n de BGP malicioso necesitar\u00eda venir desde un peer de BGP v\u00e1lido y configurado, o necesitar\u00eda ser inyectado por parte del atacante en la red de BGP de la v\u00edctima en una conexi\u00f3n TCP v\u00e1lida y existente a un peer de BGP."
}
],
"id": "CVE-2019-16020",
"lastModified": "2024-11-21T04:29:56.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-26T05:15:16.053",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-09 05:15
Modified
2024-11-21 06:11
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "908B6BB7-630C-4B3B-94EF-F910D8D2FF8C",
"versionEndIncluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000v-v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB91BE23-C710-473F-8E43-0E0DE760F8AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9902:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91474DBC-FB31-4DDF-96C5-311FA1D53A74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA241214-2F05-4360-9B50-385355E29CF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "908B6BB7-630C-4B3B-94EF-F910D8D2FF8C",
"versionEndIncluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ios_xrv:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F39CC9A-297B-428A-82B4-BA0B83AA85CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ios_xrv_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE98C3E-67E2-43A3-AEA9-1575F2B93A78",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5249FE7A-FAAE-42C4-9250-DF4B2009F420",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540_fronthaul:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C17E4B-1B14-42F2-BCE6-2D5020625382",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB01E968-E838-4D3C-B603-BF7E4E0F8A2C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08864A59-0840-4407-8D30-9CE34BAF05E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98622F14-CC47-45E0-85E4-A7243309487C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_4009:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F40E779D-5865-4E4B-AE2D-CF1860BA19E2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_4016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6A867F-E809-4CB5-82DB-2670CB0A6359",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61AF653C-DCD4-4B20-A555-71120F9A5BB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
"versionEndExcluding": "7.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
"versionEndExcluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E055F58F-F9FB-4B27-841E-61ECAB5F42B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B832863-E366-46ED-BC35-838762F0CE29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C3DDAC-7D0F-4D1D-9632-F001F2EB5D34",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "528BE0D3-E5ED-4836-B0D8-0C8508C5BDD7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6655851F-58D9-49D9-A56E-8440A7F7BB45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED06361-5A68-4656-AEA5-240C290594CD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en la CLI de Cisco IOS XR Software podr\u00edan permitir a un atacante local autenticado con una cuenta de bajo privilegio elevar los privilegios en un dispositivo afectado. Para conseguir m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Details de este aviso"
}
],
"id": "CVE-2021-34719",
"lastModified": "2024-11-21T06:11:02.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-09T05:15:11.310",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}