CVE-2019-16027
Description
A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS–IS process. The vulnerability is due to improper handling of a Simple Network Management Protocol (SNMP) request for specific Object Identifiers (OIDs) by the IS–IS process. An attacker could exploit this vulnerability by sending a crafted SNMP request to the affected device. A successful exploit could allow the attacker to cause a DoS condition in the IS–IS process.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
1.067
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability For Cisco Carrier Routing System | NCM |
| Cisco IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability For Cisco ASR 9000 Series Aggregation Services Routers | NCM |
| Cisco IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability For Cisco Network Convergence System 6000 Series Routers | NCM |
| Cisco IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability For Cisco IOS XRv 9000 Router | NCM |
| Cisco IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability For Cisco Network Convergence System 5000 Series | NCM |
| Cisco IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability For Cisco Network Convergence System 5500 Series | NCM |
| Cisco IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability For Cisco Network Convergence System 1000 Series | NCM |
| Cisco IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability For Cisco Network Convergence System 500 Series Routers | NCM |
| Cisco IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability For Cisco 8000 Series Routers | NCM |
| Improper Input Validation Vulnerability (CVE-2019-16027) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1705675 | Security Update for Cisco Carrier Routing System 5.3.1 |
| PATCH-1705564 | Security Update for Cisco ASR 9000 Series Aggregation Services Routers 5.3.0.1i.BASE |
| PATCH-1705630 | Security Update for Cisco Network Convergence System 6000 Series Routers 6.1.4 |
| PATCH-1705219 | Security Update for Cisco IOS XRv 9000 Router 7.1.2.1i.BASE |
| PATCH-1706021 | Security Update for Cisco Network Convergence System 5000 Series 6.2.1.21i.BASE |
| PATCH-1705220 | Security Update for Cisco Network Convergence System 5500 Series 7.1.2.1i.BASE |
| PATCH-1705124 | Security Update for Cisco Network Convergence System 1000 Series 7.2.1.9i.ROUT |
| PATCH-1705229 | Security Update for Cisco Network Convergence System 500 Series Routers 7.2.1.21i.BASE |
| PATCH-1705230 | Security Update for Cisco 8000 Series Routers 7.2.1.21i.BASE |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234