Cisco IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability

high Nessus Plugin ID 127900

Synopsis

The remote device is missing a vendor-supplied security patch

Description

According to its self-reported version, Cisco IOS XR Software is affected by multiple vulnerabilities:

- A vulnerability in the implementation of the Intermediate System-to-Intermediate System (IS-IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of crafted IS-IS link-state protocol data units (PDUs).
An attacker could exploit this vulnerability by sending a crafted link-state PDU to an affected system to be processed. A successful exploit could allow the attacker to cause all routers within the IS-IS area to unexpectedly restart the IS-IS process, resulting in a DoS condition. This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco IOS XR Software earlier than Release 6.6.3 and are configured with the IS-IS routing protocol. Cisco has confirmed that this vulnerability affects both Cisco IOS XR 32-bit Software and Cisco IOS XR 64-bit Software. (CVE-2019-1910)

- A vulnerability in the implementation of Intermediate System-to-Intermediate System (IS-IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of IS-IS link-state protocol data units (PDUs).
An attacker could exploit this vulnerability by sending specific link-state PDUs to an affected system to be processed. A successful exploit could allow the attacker to cause incorrect calculations used in the weighted remote shared risk link groups (SRLG) or in the IGP Flexible Algorithm. It could also cause tracebacks to the logs or potentially cause the receiving device to crash the IS-IS process, resulting in a DoS condition. (CVE-2019-1918)

Please see the included Cisco BIDs and Cisco Security Advisory for more information

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvp49076 and CSCvp90854

See Also

http://www.nessus.org/u?6e181e06

http://www.nessus.org/u?9cf9e486

http://www.nessus.org/u?22433b62

http://www.nessus.org/u?ec503ab3

Plugin Details

Severity: High

ID: 127900

File Name: cisco-sa-20190807-iosxr-isis-dos-1918.nasl

Version: 1.10

Type: combined

Family: CISCO

Published: 8/16/2019

Updated: 5/3/2024

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 4.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2019-1918

CVSS v3

Risk Factor: High

Base Score: 7.4

Temporal Score: 6.4

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios_xr

Required KB Items: Settings/ParanoidReport, Host/Cisco/IOS-XR/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 8/7/2019

Vulnerability Publication Date: 8/7/2019

Reference Information

CVE: CVE-2019-1910, CVE-2019-1918