August 8, 2019
Severity
High
Analysis Summary
The vulnerability is due to incorrect processing of IS–IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending specific link-state PDUs to an affected system to be processed. A successful exploit could allow the attacker to cause incorrect calculations used in the weighted remote shared risk link groups (SRLG) or in the IGP Flexible Algorithm. It could also cause tracebacks to the logs or potentially cause the receiving device to crash the IS–IS process, resulting in a DoS condition.
Impact
Denial of service
Affected Vendors
Cisco
Affected Products
Cisco IOS XR Software releases later than 6.5.1 and earlier than 6.6.3.
Remediation
Cisco fixed this vulnerability in Cisco IOS XR Software Release 6.6.3.
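To triage an inventory against the affected range and fixed release stated above, the following added example (not part of the original advisory and not Cisco code) classifies devices from their `show version` text. The banner format matched by the regex is an assumption about the device output, and the hostnames and sample output are constructed.

```python
import re

# Bounds from the advisory: affected releases are later than 6.5.1 and
# earlier than 6.6.3 (the fixed release). Both bounds are exclusive.
LOWER_EXCLUSIVE = (6, 5, 1)
FIXED_RELEASE = (6, 6, 3)

# Assumed banner line, e.g. "Cisco IOS XR Software, Version 6.5.3[Default]".
BANNER_RE = re.compile(r"Cisco IOS XR Software, Version (\d+)\.(\d+)\.(\d+)")


def parse_release(show_version_text):
    """Return the IOS XR release as an (x, y, z) int tuple, or None."""
    match = BANNER_RE.search(show_version_text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def classify(show_version_text):
    """Return 'affected', 'not affected', or 'unknown' for one device."""
    release = parse_release(show_version_text)
    if release is None:
        return "unknown"  # not IOS XR output, or unparsable: check by hand
    if LOWER_EXCLUSIVE < release < FIXED_RELEASE:
        return "affected"
    return "not affected"


def audit(inventory):
    """Map hostname -> verdict for a dict of hostname -> 'show version' text."""
    return {host: classify(text) for host, text in inventory.items()}


# Constructed sample data; hostnames and output are illustrative only.
SAMPLE_INVENTORY = {
    "core-1": "Cisco IOS XR Software, Version 6.5.1\nCopyright (c) Cisco",
    "core-2": "Cisco IOS XR Software, Version 6.5.3[Default]\nCopyright (c) Cisco",
    "edge-1": "Cisco IOS XR Software, Version 6.6.2\nBuild Information:",
    "edge-2": "Cisco IOS XR Software, Version 6.6.3\nBuild Information:",
    "lab-sw": "Cisco IOS Software, Version 15.2(4)E\n",
}

if __name__ == "__main__":
    for host, verdict in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {verdict}")
```

Devices reported as `unknown` did not print the expected IOS XR banner and need a manual check.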