Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-1760

A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to the processing of malformed smart probe packets. An attacker could exploit this vulnerability by sending specially crafted smart probe packets at the affected device. A successful exploit could allow the attacker to reload the device, resulting in a denial of service (DoS) attack on an affected system.

Published

2019-03-28T01:29:00.533

Last Modified

2024-11-21T04:37:18.470

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

6.9

Weaknesses

Type: Secondary
CWE-20
Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	ios_xe	3.2.0ja	Yes
Operating System	cisco	ios_xe	3.16.4as	Yes
Operating System	cisco	ios_xe	3.16.4bs	Yes
Operating System	cisco	ios_xe	3.16.4cs	Yes
Operating System	cisco	ios_xe	3.16.4ds	Yes
Operating System	cisco	ios_xe	3.16.4es	Yes
Operating System	cisco	ios_xe	3.16.4gs	Yes
Operating System	cisco	ios_xe	3.16.4s	Yes
Operating System	cisco	ios_xe	3.16.5as	Yes
Operating System	cisco	ios_xe	3.16.5bs	Yes
Operating System	cisco	ios_xe	3.16.5s	Yes
Operating System	cisco	ios_xe	3.16.6bs	Yes
Operating System	cisco	ios_xe	3.16.6s	Yes
Operating System	cisco	ios_xe	3.16.7as	Yes
Operating System	cisco	ios_xe	3.16.7bs	Yes
Operating System	cisco	ios_xe	3.16.7s	Yes
Operating System	cisco	ios_xe	16.3.2	Yes
Operating System	cisco	ios_xe	16.3.3	Yes
Operating System	cisco	ios_xe	16.3.4	Yes
Operating System	cisco	ios_xe	16.3.5	Yes
Operating System	cisco	ios_xe	16.3.5b	Yes
Operating System	cisco	ios_xe	16.3.6	Yes
Operating System	cisco	ios_xe	16.4.1	Yes
Operating System	cisco	ios_xe	16.4.2	Yes
Operating System	cisco	ios_xe	16.4.3	Yes
Operating System	cisco	ios_xe	16.5.1	Yes
Operating System	cisco	ios_xe	16.5.1a	Yes
Operating System	cisco	ios_xe	16.5.1b	Yes
Operating System	cisco	ios_xe	16.5.2	Yes
Operating System	cisco	ios_xe	16.5.3	Yes
Operating System	cisco	ios_xe	16.6.1	Yes
Operating System	cisco	ios_xe	16.6.2	Yes
Operating System	cisco	ios_xe	16.6.3	Yes
Operating System	cisco	ios_xe	16.7.1	Yes
Operating System	cisco	ios_xe	16.7.1a	Yes
Operating System	cisco	ios_xe	16.7.1b	Yes
Operating System	cisco	ios_xe	16.8.1	Yes
Operating System	cisco	ios_xe	16.8.1a	Yes
Operating System	cisco	ios_xe	16.8.1b	Yes
Operating System	cisco	ios_xe	16.8.1c	Yes
Operating System	cisco	ios_xe	16.8.1s	Yes

References

http://www.securityfocus.com/bid/107611 Third Party Advisory, VDB Entry ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pfrv3 Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/107611 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pfrv3 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)