Severity
High
Analysis Summary
The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes’ status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition.
Impact
Denial of service
Affected Vendors
Cisco
Affected Products
Cisco IOS XR Software later than 6.6.1
Remediation
Please refer to the vendor's advisory for the list of upgraded patches.