CVE-2019-1749

HIGH | CVSS 7.4/10 | EPSS 0.60%

CVE-2019-1749 is a high-severity vulnerability rated 7.4/10 on the CVSS scale. A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) could allow an unauthenticated, adjacent attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the software insufficiently validates ingress traffic on the ASIC used on the RSP3 platform. EPSS estimates a 0.60% chance of exploitation in the next 30 days.

Description

A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) could allow an unauthenticated, adjacent attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the software insufficiently validates ingress traffic on the ASIC used on the RSP3 platform. An attacker could exploit this vulnerability by sending a malformed OSPF version 2 (OSPFv2) message to an affected device. A successful exploit could allow the attacker to cause a reload of the iosd process, triggering a reload of the affected device and resulting in a DoS condition.

Metrics

CVSS 3.1: 7.4/10
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS Probability: 0.60% (44.4th percentile)
Probability of exploitation in the next 30 days.

Affected Software

Vendor | Product | Version
Cisco | IOS XE | 3.13.6as
Cisco | IOS XE | 3.16.0as
Cisco | IOS XE | 3.16.1as
Cisco | IOS XE | 3.16.2as
Cisco | IOS XE | 3.16.3as
Cisco | IOS XE | 3.16.4bs
Cisco | IOS XE | 3.16.4cs
Cisco | IOS XE | 3.16.4ds
Cisco | IOS XE | 3.16.4es
Cisco | IOS XE | 3.16.4gs
Cisco | IOS XE | 3.16.4s
Cisco | IOS XE | 3.16.5as
Cisco | IOS XE | 3.16.5s
Cisco | IOS XE | 3.16.6bs
Cisco | IOS XE | 3.16.6s
Cisco | IOS XE | 3.16.7bs
Cisco | IOS XE | 3.16.7s
Cisco | IOS XE | 3.16.8s
Cisco | IOS XE | 3.17.0s
Cisco | IOS XE | 3.17.1s
Cisco | IOS XE | 3.17.3s
Cisco | IOS XE | 3.17.4s
Cisco | IOS XE | 3.18.0s
Cisco | IOS XE | 3.18.0sp
Cisco | IOS XE | 3.18.1bsp
Cisco | IOS XE | 3.18.1gsp
Cisco | IOS XE | 3.18.1hsp
Cisco | IOS XE | 3.18.1isp
Cisco | IOS XE | 3.18.1s
Cisco | IOS XE | 3.18.1sp
Cisco | IOS XE | 3.18.2s
Cisco | IOS XE | 3.18.2sp
Cisco | IOS XE | 3.18.3s
Cisco | IOS XE | 3.18.3sp
Cisco | IOS XE | 3.18.4s
Cisco | IOS XE | 3.18.4sp
Cisco | IOS XE | 16.5.1
Cisco | IOS XE | 16.5.2
Cisco | IOS XE | 16.5.3
Cisco | IOS XE | 16.6.1
Cisco | IOS XE | 16.6.2
Cisco | IOS XE | 16.6.3
Cisco | IOS XE | 16.6.4
Cisco | IOS XE | 16.7.1
Cisco | IOS XE | 16.7.2
Cisco | IOS XE | 16.8.1
Cisco | IOS XE | 16.8.1b
Cisco | IOS XE | 16.8.1c

References

Timeline

Status: Modified

Frequently Asked Questions

What is CVE-2019-1749?
A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) could allow an unauthenticated, adjacent attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the software insufficiently validates ingress traffic on the ASIC used on the RSP3 platform. An attacker could exploit this vulnerability by sending a malformed OSPF version 2 (OSPFv2) message to an affected device. A successful exploit could allow the attacker to cause a reload of the iosd process, triggering a reload of the affected device and resulting in a DoS condition.
How severe is CVE-2019-1749?
CVE-2019-1749 has a CVSS score of 7.4/10 (HIGH severity). The EPSS model estimates a 0.60% probability of exploitation in the next 30 days.
How do I fix CVE-2019-1749?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.


Source: NVD / NIST