All the vulnerabilites related to cisco - xr_12416
cve-2019-16027
Vulnerability from cvelistv5
Published
2020-01-26 04:31
Modified
2024-11-15 17:46
Severity ?
EPSS score ?
Summary
A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS–IS process. The vulnerability is due to improper handling of a Simple Network Management Protocol (SNMP) request for specific Object Identifiers (OIDs) by the IS–IS process. An attacker could exploit this vulnerability by sending a crafted SNMP request to the affected device. A successful exploit could allow the attacker to cause a DoS condition in the IS–IS process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-dos | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS XR Software |
Version: unspecified < n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:03:32.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200122 Cisco IOS XR Software Intermediate System\u2013to\u2013Intermediate System Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-dos"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-16027",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:30:02.490330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:46:10.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"lessThan": "n/a",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the implementation of the Intermediate System\u0026ndash;to\u0026ndash;Intermediate System (IS\u0026ndash;IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS\u0026ndash;IS process. The vulnerability is due to improper handling of a Simple Network Management Protocol (SNMP) request for specific Object Identifiers (OIDs) by the IS\u0026ndash;IS process. An attacker could exploit this vulnerability by sending a crafted SNMP request to the affected device. A successful exploit could allow the attacker to cause a DoS condition in the IS\u0026ndash;IS process."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-26T04:31:08",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200122 Cisco IOS XR Software Intermediate System\u2013to\u2013Intermediate System Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-dos"
}
],
"source": {
"advisory": "cisco-sa-20200122-ios-xr-dos",
"defect": [
[
"CSCvr62342"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software Intermediate System\u2013to\u2013Intermediate System Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-01-22T16:00:00-0800",
"ID": "CVE-2019-16027",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XR Software Intermediate System\u2013to\u2013Intermediate System Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the implementation of the Intermediate System\u0026ndash;to\u0026ndash;Intermediate System (IS\u0026ndash;IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS\u0026ndash;IS process. The vulnerability is due to improper handling of a Simple Network Management Protocol (SNMP) request for specific Object Identifiers (OIDs) by the IS\u0026ndash;IS process. An attacker could exploit this vulnerability by sending a crafted SNMP request to the affected device. A successful exploit could allow the attacker to cause a DoS condition in the IS\u0026ndash;IS process."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.7",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200122 Cisco IOS XR Software Intermediate System\u2013to\u2013Intermediate System Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-dos"
}
]
},
"source": {
"advisory": "cisco-sa-20200122-ios-xr-dos",
"defect": [
[
"CSCvr62342"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-16027",
"datePublished": "2020-01-26T04:31:08.495973Z",
"dateReserved": "2019-09-06T00:00:00",
"dateUpdated": "2024-11-15T17:46:10.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-1361
Vulnerability from cvelistv5
Published
2016-03-12 02:00
Modified
2024-08-05 22:55
Severity ?
EPSS score ?
Summary
Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to cause a denial of service (line-card restart) via a crafted packet, aka Bug ID CSCuw56900.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1035314 | vdb-entry, x_refsource_SECTRACK | |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160311-gsr | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:55:14.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035314",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035314"
},
{
"name": "20160311 Cisco Gigabit Switch Router 12000 Series Routers Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160311-gsr"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to cause a denial of service (line-card restart) via a crafted packet, aka Bug ID CSCuw56900."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-01T15:57:02",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1035314",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035314"
},
{
"name": "20160311 Cisco Gigabit Switch Router 12000 Series Routers Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160311-gsr"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to cause a denial of service (line-card restart) via a crafted packet, aka Bug ID CSCuw56900."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035314",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035314"
},
{
"name": "20160311 Cisco Gigabit Switch Router 12000 Series Routers Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160311-gsr"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2016-1361",
"datePublished": "2016-03-12T02:00:00",
"dateReserved": "2016-01-04T00:00:00",
"dateUpdated": "2024-08-05T22:55:14.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2016-03-12 02:59
Modified
2024-11-21 02:46
Severity ?
Summary
Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to cause a denial of service (line-card restart) via a crafted packet, aka Bug ID CSCuw56900.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | ios_xr | 3.3.3 | |
| cisco | ios_xr | 3.4.1 | |
| cisco | ios_xr | 3.4.2 | |
| cisco | ios_xr | 3.4.3 | |
| cisco | ios_xr | 3.5.2 | |
| cisco | ios_xr | 3.5.3 | |
| cisco | ios_xr | 3.5.4 | |
| cisco | ios_xr | 3.6.0 | |
| cisco | ios_xr | 3.6.1 | |
| cisco | ios_xr | 3.6.2 | |
| cisco | ios_xr | 3.6.3 | |
| cisco | ios_xr | 3.7.0 | |
| cisco | ios_xr | 3.7.1 | |
| cisco | ios_xr | 3.8.0 | |
| cisco | ios_xr | 3.8.1 | |
| cisco | ios_xr | 3.8.2 | |
| cisco | ios_xr | 3.8.4 | |
| cisco | ios_xr | 3.9.0 | |
| cisco | ios_xr | 3.9.1 | |
| cisco | ios_xr | 3.9.2 | |
| cisco | ios_xr | 4.0.0 | |
| cisco | ios_xr | 4.0.1 | |
| cisco | ios_xr | 4.0.3 | |
| cisco | ios_xr | 4.1.0 | |
| cisco | ios_xr | 4.1.1 | |
| cisco | ios_xr | 4.1.2 | |
| cisco | ios_xr | 4.2.0 | |
| cisco | ios_xr | 4.2.1 | |
| cisco | ios_xr | 4.2.2 | |
| cisco | ios_xr | 4.2.3 | |
| cisco | ios_xr | 4.2.4 | |
| cisco | ios_xr | 4.3.0 | |
| cisco | ios_xr | 4.3.1 | |
| cisco | ios_xr | 4.3.2 | |
| cisco | xr_12404 | * | |
| cisco | xr_12406 | * | |
| cisco | xr_12410 | * | |
| cisco | xr_12416 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8E1811B6-737F-407C-8AB0-63E6B031D5AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81797938-F953-42BE-B287-AA48B9860AF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "92AED038-C73F-4499-B064-F01D80DB0C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7A249B-AF69-47D0-B6DE-968B4CD0BA42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5F15240-6323-4766-801A-D887F3EA8A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D99DC1CF-78DC-4E59-98BA-DD84702D6467",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B9FA754-E3D2-4D80-8F4B-41139973D9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F497A05C-2FC5-427D-8036-2476ACA956C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2252E7B0-9112-4E9E-8CF4-4EC53C630CFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1131A524-AA7A-4C94-9FFE-54546EA7D2CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "46D1A634-D39C-4305-8915-4AA289FB68EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21BAB799-3150-46D8-AEA3-9FCC73203221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99042285-94AC-4C57-8EAA-EE63C678A94A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96F48419-AF66-4B50-ACBF-9E38287A64FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB71A24-AA6C-4BAD-BD37-5C191751C9DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3A20B6A9-27B7-4F42-B88D-F4AACC9BC24D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9B9A223A-7A0A-4E31-B8A1-C809373A799D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1ECAB9C3-9248-4663-ABAE-31FFC969EF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "10596213-9D2B-48A3-A733-744D41E90419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A07DCCD1-85D5-4ED2-B845-8C6EAC7E9D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F57421B-F54C-4C50-8B25-AF787E541C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A865225-6AEA-430D-8DB6-E70F7ED5E547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "39F8B336-0DFA-41CE-9EFF-89A09BBDC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5BFD77AF-358B-4385-BA8E-1BE9AC166825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E593EF3-133A-4E15-9B86-6B451F5C0159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BB49EB2-2D99-4C45-80B7-48299A1EBF30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6ABB63-E2D2-42F7-B648-BF6002D1C05E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58FEC4F2-040A-4D23-8FE0-BC55020766BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "82520CBD-F42F-4E2D-9D36-878737779690",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4DB87708-B088-47F7-BABA-2CD456766897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC1194B-56AC-4850-88B0-5EDFF92FABFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "074571B4-65EF-451A-89DC-0797F6E4BFEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D909532E-85F5-4201-8BFF-561A21998D97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73D962D3-563F-4CDE-B51D-224D7995FBC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:xr_12404:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54D5CEDE-699C-496E-95CF-BEF9BCF55981",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:xr_12406:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C32030A-3F87-4F01-AA86-493C8F93F777",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:xr_12410:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5CEC5B1-0595-4163-A458-D4FF29F4E117",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:xr_12416:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD5FA50-0753-43EA-8D07-8F5D719E394D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to cause a denial of service (line-card restart) via a crafted packet, aka Bug ID CSCuw56900."
},
{
"lang": "es",
"value": "Cisco IOS XR hasta la versi\u00f3n 4.3.2 en dispositivos Gigabit Switch Router (GSR) 12000 no verifica adecuadamente para una cabecera Bidirectional Forwarding Detection (BFD) en un paquete UDP, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (reinicio de tarjeta en l\u00ednea) a trav\u00e9s de un paquete manipulado, tambi\u00e9n conocida como Bug ID CSCuw56900."
}
],
"id": "CVE-2016-1361",
"lastModified": "2024-11-21T02:46:15.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.2,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-03-12T02:59:04.910",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160311-gsr"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1035314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160311-gsr"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035314"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-26 05:15
Modified
2024-11-21 04:29
Severity ?
Summary
A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS–IS process. The vulnerability is due to improper handling of a Simple Network Management Protocol (SNMP) request for specific Object Identifiers (OIDs) by the IS–IS process. An attacker could exploit this vulnerability by sending a crafted SNMP request to the affected device. A successful exploit could allow the attacker to cause a DoS condition in the IS–IS process.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73D962D3-563F-4CDE-B51D-224D7995FBC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:xr_12404:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1F838A-6CB9-4948-AC05-6C0CF412FF6D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:xr_12406:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBE5027B-E4E9-4661-9480-F344D5AF7620",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:xr_12410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "198D511F-F024-4E91-B323-7F1CDA0AE4E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:xr_12416:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ADE218D-CD09-4334-8C83-AFAC8D41F61E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:5.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A0B5C0F4-1BEC-4B54-ABF0-948CFF80E5E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F517C60E-4580-486E-9A03-82A023755374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "370F74EC-829D-4574-BE7D-85700E15C433",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "11E58E99-E8DD-4AF1-BA44-7E81223AB1F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "47F3F8E3-D93B-4BAB-8643-AFBFC36940AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E67F538A-3E1A-4749-BB8D-4F8043653B6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61AF653C-DCD4-4B20-A555-71120F9A5BB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D093D77E-66E3-4659-820E-F7E03A51A83C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FC06F7E7-D67F-4C91-B545-F7EB62858BA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "370F74EC-829D-4574-BE7D-85700E15C433",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "11E58E99-E8DD-4AF1-BA44-7E81223AB1F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "47F3F8E3-D93B-4BAB-8643-AFBFC36940AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E67F538A-3E1A-4749-BB8D-4F8043653B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE98B34-501B-449A-843A-58F297EDBE1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86E05C3F-4095-4B9C-8C11-E32567EB14AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98622F14-CC47-45E0-85E4-A7243309487C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D093D77E-66E3-4659-820E-F7E03A51A83C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FC06F7E7-D67F-4C91-B545-F7EB62858BA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "370F74EC-829D-4574-BE7D-85700E15C433",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "47F3F8E3-D93B-4BAB-8643-AFBFC36940AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "31EC2C35-59C4-4827-89B6-F1A1EDEF8EFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE98B34-501B-449A-843A-58F297EDBE1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86E05C3F-4095-4B9C-8C11-E32567EB14AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54EA6C52-E541-4426-A3DF-2FA88CA28BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC7F758-5AB7-4A45-A889-BE9DD8D0474E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D686F339-9406-4ADF-B124-C815D43E4CAA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FC06F7E7-D67F-4C91-B545-F7EB62858BA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "370F74EC-829D-4574-BE7D-85700E15C433",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E67F538A-3E1A-4749-BB8D-4F8043653B6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:crs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B051AF4-592A-4201-9DD3-8683C1847A00",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FC06F7E7-D67F-4C91-B545-F7EB62858BA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "370F74EC-829D-4574-BE7D-85700E15C433",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E67F538A-3E1A-4749-BB8D-4F8043653B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86E05C3F-4095-4B9C-8C11-E32567EB14AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AE8971-5003-4A39-8173-E17CE9C2523F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:xrv_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B529456-23DB-4917-A316-4CFC6AEC9964",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "47F3F8E3-D93B-4BAB-8643-AFBFC36940AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86E05C3F-4095-4B9C-8C11-E32567EB14AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC7F758-5AB7-4A45-A889-BE9DD8D0474E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC7F758-5AB7-4A45-A889-BE9DD8D0474E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0235F415-F327-4914-8E2A-96334984797D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D093D77E-66E3-4659-820E-F7E03A51A83C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FC06F7E7-D67F-4C91-B545-F7EB62858BA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F517C60E-4580-486E-9A03-82A023755374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "370F74EC-829D-4574-BE7D-85700E15C433",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "540112FA-0329-4CD3-B57B-8CAA6DAC80C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "47F3F8E3-D93B-4BAB-8643-AFBFC36940AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E67F538A-3E1A-4749-BB8D-4F8043653B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE98B34-501B-449A-843A-58F297EDBE1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86E05C3F-4095-4B9C-8C11-E32567EB14AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AE8971-5003-4A39-8173-E17CE9C2523F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FEF8271-315F-4756-931F-015F790BE693",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9000v:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6B6AF64-42FF-4411-85EA-9AE537383CD6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA241214-2F05-4360-9B50-385355E29CF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9920:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49E7ED87-8AC0-4107-A7A5-F334236E2906",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the implementation of the Intermediate System\u0026ndash;to\u0026ndash;Intermediate System (IS\u0026ndash;IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS\u0026ndash;IS process. The vulnerability is due to improper handling of a Simple Network Management Protocol (SNMP) request for specific Object Identifiers (OIDs) by the IS\u0026ndash;IS process. An attacker could exploit this vulnerability by sending a crafted SNMP request to the affected device. A successful exploit could allow the attacker to cause a DoS condition in the IS\u0026ndash;IS process."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la implementaci\u00f3n de la funcionalidad del protocolo de enrutamiento Intermediate System\u2013to\u2013Intermediate System (IS\u2013IS) en Cisco IOS XR Software, podr\u00eda permitir a un atacante remoto autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en el proceso IS\u2013IS. La vulnerabilidad es debido al manejo inapropiado de una petici\u00f3n de Protocolo Simple Network Management Protocol (SNMP) para Object Identifiers (OIDs) espec\u00edficos por el proceso IS\u2013IS. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una petici\u00f3n SNMP dise\u00f1ada hacia el dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar una condici\u00f3n DoS en el proceso IS\u2013IS."
}
],
"id": "CVE-2019-16027",
"lastModified": "2024-11-21T04:29:57.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-26T05:15:16.677",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-dos"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-dos"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}