CVE-2019-16018

Published Jan 26, 2020
Last updated 5 years ago
CVSS medium 6.5
Overview

Description: A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes’ status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
Source: ykramarz@cisco.com
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity: MEDIUM
CVSS 3.0

Type: Secondary
Base score: 7.4
Impact score: 4
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:P
Weaknesses

nvd@nist.gov: CWE-400
ykramarz@cisco.com: CWE-399
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54EA6C52-E541-4426-A3DF-2FA88CA28BA1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "1BD9FC30-C073-4C63-8468-47DEF12A3875"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "E9B8E1A6-A438-441D-ADA2-BE2BF837EAA9"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "BB7DD32E-B22D-4392-B255-5C3F9CD39F3E"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "E7D9C475-6E5D-4AE9-A8D4-5B023C128A46"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "910A1686-5B13-4D37-9C1F-2F0073D57E5F"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8AE8971-5003-4A39-8173-E17CE9C2523F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "71BD158E-71D8-4DCA-8C09-F8AB7EF0EBDD"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "1BD9FC30-C073-4C63-8468-47DEF12A3875"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "E9B8E1A6-A438-441D-ADA2-BE2BF837EAA9"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "BB7DD32E-B22D-4392-B255-5C3F9CD39F3E"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "E7D9C475-6E5D-4AE9-A8D4-5B023C128A46"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "910A1686-5B13-4D37-9C1F-2F0073D57E5F"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50"
          },
          {
            "criteria": "cpe:2.3:h:cisco:crs:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4B051AF4-592A-4201-9DD3-8683C1847A00"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC"
          },
          {
            "criteria": "cpe:2.3:h:cisco:xrv_9000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0B529456-23DB-4917-A316-4CFC6AEC9964"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DC7F758-5AB7-4A45-A889-BE9DD8D0474E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_540l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7987161E-E0C6-4BBB-91FC-F49A7F4AE6B6"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82AF763B-9299-4EDC-B42D-B83736839CA1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "1BD9FC30-C073-4C63-8468-47DEF12A3875"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "E9B8E1A6-A438-441D-ADA2-BE2BF837EAA9"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "BB7DD32E-B22D-4392-B255-5C3F9CD39F3E"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "E7D9C475-6E5D-4AE9-A8D4-5B023C128A46"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "910A1686-5B13-4D37-9C1F-2F0073D57E5F"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_540l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7987161E-E0C6-4BBB-91FC-F49A7F4AE6B6"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8"
          },
          {
            "criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9"
          },
          {
            "criteria": "cpe:2.3:h:cisco:xrv_9000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0B529456-23DB-4917-A316-4CFC6AEC9964"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
