CVE-2019-1710

Description

A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM. The vulnerability is due to incorrect isolation of the secondary management interface from internal sysadmin applications. An attacker could exploit this vulnerability by connecting to one of the listening internal applications. A successful exploit could result in unstable conditions, including both a denial of service and remote unauthenticated access to the device. This vulnerability has been fixed in Cisco IOS XR 64-bit Software Release 6.5.3 and 7.0.1, which will edit the calvados_boostrap.cfg file and reload the device.

Risk Information

Base Score

9.8

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

1.88

Associated Vulnerability

Vulnerability	OS Platform
Cisco IOS XR 64-Bit Software for Cisco ASR 9000 Series Aggregation Services Routers Network Isolation Vulnerability For Cisco ASR 9000 Series Aggregation Services Routers	NCM
Cisco IOS XR 64-Bit Software for Cisco ASR 9000 Series Aggregation Services Routers Network Isolation Vulnerability For Cisco Network Convergence System 6000 Series Routers	NCM
Cisco IOS XR 64-Bit Software for Cisco ASR 9000 Series Aggregation Services Routers Network Isolation Vulnerability For Cisco IOS XRv 9000 Router	NCM
Cisco IOS XR 64-Bit Software for Cisco ASR 9000 Series Aggregation Services Routers Network Isolation Vulnerability For Cisco Network Convergence System 5000 Series	NCM
Cisco IOS XR 64-Bit Software for Cisco ASR 9000 Series Aggregation Services Routers Network Isolation Vulnerability For Cisco Network Convergence System 5500 Series	NCM
Cisco IOS XR 64-Bit Software for Cisco ASR 9000 Series Aggregation Services Routers Network Isolation Vulnerability For Cisco Network Convergence System 1000 Series	NCM
Cisco IOS XR 64-Bit Software for Cisco ASR 9000 Series Aggregation Services Routers Network Isolation Vulnerability For Cisco Network Convergence System 500 Series Routers	NCM
Improper Input Validation Vulnerability (CVE-2019-1710)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1705564	Security Update for Cisco ASR 9000 Series Aggregation Services Routers 5.3.0.1i.BASE
PATCH-1705630	Security Update for Cisco Network Convergence System 6000 Series Routers 6.1.4
PATCH-1705219	Security Update for Cisco IOS XRv 9000 Router 7.1.2.1i.BASE
PATCH-1706021	Security Update for Cisco Network Convergence System 5000 Series 6.2.1.21i.BASE
PATCH-1705220	Security Update for Cisco Network Convergence System 5500 Series 7.1.2.1i.BASE
PATCH-1705124	Security Update for Cisco Network Convergence System 1000 Series 7.2.1.9i.ROUT
PATCH-1705229	Security Update for Cisco Network Convergence System 500 Series Routers 7.2.1.21i.BASE

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234