CVE-2019-16018
Description
A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes’ status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco IOS XR Software BGP EVPN Operational Routes Denial of Service Vulnerability For Cisco Carrier Routing System | NCM |
| Cisco IOS XR Software BGP EVPN Operational Routes Denial of Service Vulnerability For Cisco ASR 9000 Series Aggregation Services Routers | NCM |
| Cisco IOS XR Software BGP EVPN Operational Routes Denial of Service Vulnerability For Cisco Network Convergence System 6000 Series Routers | NCM |
| Cisco IOS XR Software BGP EVPN Operational Routes Denial of Service Vulnerability For Cisco IOS XRv 9000 Router | NCM |
| Cisco IOS XR Software BGP EVPN Operational Routes Denial of Service Vulnerability For Cisco Network Convergence System 5000 Series | NCM |
| Cisco IOS XR Software BGP EVPN Operational Routes Denial of Service Vulnerability For Cisco Network Convergence System 5500 Series | NCM |
| Cisco IOS XR Software BGP EVPN Operational Routes Denial of Service Vulnerability For Cisco Network Convergence System 1000 Series | NCM |
| Cisco IOS XR Software BGP EVPN Operational Routes Denial of Service Vulnerability For Cisco Network Convergence System 500 Series Routers | NCM |
| Cisco IOS XR Software BGP EVPN Operational Routes Denial of Service Vulnerability For Cisco 8000 Series Routers | NCM |
| Uncontrolled Resource Consumption Vulnerability (CVE-2019-16018) | NCM |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-1705675 | Security Update for Cisco Carrier Routing System 5.3.1 |
| PATCH-1705564 | Security Update for Cisco ASR 9000 Series Aggregation Services Routers 5.3.0.1i.BASE |
| PATCH-1705630 | Security Update for Cisco Network Convergence System 6000 Series Routers 6.1.4 |
| PATCH-1705219 | Security Update for Cisco IOS XRv 9000 Router 7.1.2.1i.BASE |
| PATCH-1706021 | Security Update for Cisco Network Convergence System 5000 Series 6.2.1.21i.BASE |
| PATCH-1705220 | Security Update for Cisco Network Convergence System 5500 Series 7.1.2.1i.BASE |
| PATCH-1705124 | Security Update for Cisco Network Convergence System 1000 Series 7.2.1.9i.ROUT |
| PATCH-1705229 | Security Update for Cisco Network Convergence System 500 Series Routers 7.2.1.21i.BASE |
| PATCH-1705230 | Security Update for Cisco 8000 Series Routers 7.2.1.21i.BASE |