Rewterz Threat Advisory – CVE 2019-1918 – Cisco IOS XR Software Intermediate System–to–Intermediate System Denial of Service Vulnerability

Thursday, August 8, 2019

Severity

High

Analysis Summary

The vulnerability is due to incorrect processing of IS–IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending specific link-state PDUs to an affected system to be processed. A successful exploit could allow the attacker to cause incorrect calculations used in the weighted remote shared risk link groups (SRLG) or in the IGP Flexible Algorithm. It could also cause tracebacks to the logs or potentially cause the receiving device to crash the IS–IS process, resulting in a DoS condition.

Impact

Denial of service

Affected Vendors

Cisco

Affected Products

Cisco IOS XR Software releases later than 6.5.1 and earlier than 6.6.3.

Remediation

Cisco fixed this vulnerability in Cisco IOS XR Software Release 6.6.3.

Data Sheets

Corporate Brochure


Our Story


Services


Solutions


Managed Security


Upcoming Rewterz Trainings/Events

Rewterz News

  • 22, August 2019 Rewterz Threat Advisory – CVE-2019-15295 – BitDefender Antivirus Free 2020 – Privilege Escalation to SYSTEM
  • 22, August 2019 Rewterz Threat Alert – Banks All over the World Attacked by Silence Advanced Hackers
  • 22, August 2019 Rewterz Threat Alert – Adwind Bypasses Microsoft ATP to Attack Utilities Industry
  • 21, August 2019 Rewterz Threat Advisory – Multiple vulnerabilities fixed in VLC media player

Copyright © Rewterz. All rights reserved.