CVE-2019-1760: Cisco IOS XE Software Performance Routing Version 3 Denial of Service Vulnerability
First published: Thu Mar 28 2019(Updated: )
A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to the processing of malformed smart probe packets. An attacker could exploit this vulnerability by sending specially crafted smart probe packets at the affected device. A successful exploit could allow the attacker to reload the device, resulting in a denial of service (DoS) attack on an affected system.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS XE Software | =3.2.0ja | |
| Cisco IOS XE Software | =3.16.4as | |
| Cisco IOS XE Software | =3.16.4bs | |
| Cisco IOS XE Software | =3.16.4cs | |
| Cisco IOS XE Software | =3.16.4ds | |
| Cisco IOS XE Software | =3.16.4es | |
| Cisco IOS XE Software | =3.16.4gs | |
| Cisco IOS XE Software | =3.16.4s | |
| Cisco IOS XE Software | =3.16.5as | |
| Cisco IOS XE Software | =3.16.5bs | |
| Cisco IOS XE Software | =3.16.5s | |
| Cisco IOS XE Software | =3.16.6bs | |
| Cisco IOS XE Software | =3.16.6s | |
| Cisco IOS XE Software | =3.16.7as | |
| Cisco IOS XE Software | =3.16.7bs | |
| Cisco IOS XE Software | =3.16.7s | |
| Cisco IOS XE Software | =16.3.2 | |
| Cisco IOS XE Software | =16.3.3 | |
| Cisco IOS XE Software | =16.3.4 | |
| Cisco IOS XE Software | =16.3.5 | |
| Cisco IOS XE Software | =16.3.5b | |
| Cisco IOS XE Software | =16.3.6 | |
| Cisco IOS XE Software | =16.4.1 | |
| Cisco IOS XE Software | =16.4.2 | |
| Cisco IOS XE Software | =16.4.3 | |
| Cisco IOS XE Software | =16.5.1 | |
| Cisco IOS XE Software | =16.5.1a | |
| Cisco IOS XE Software | =16.5.1b | |
| Cisco IOS XE Software | =16.5.2 | |
| Cisco IOS XE Software | =16.5.3 | |
| Cisco IOS XE Software | =16.6.1 | |
| Cisco IOS XE Software | =16.6.2 | |
| Cisco IOS XE Software | =16.6.3 | |
| Cisco IOS XE Software | =16.7.1 | |
| Cisco IOS XE Software | =16.7.1a | |
| Cisco IOS XE Software | =16.7.1b | |
| Cisco IOS XE Software | =16.8.1 | |
| Cisco IOS XE Software | =16.8.1a | |
| Cisco IOS XE Software | =16.8.1b | |
| Cisco IOS XE Software | =16.8.1c | |
| Cisco IOS XE Software | =16.8.1s |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-1760?
CVE-2019-1760 is rated as a high severity vulnerability due to the potential for remote unauthenticated attackers to cause device reloads.
How do I fix CVE-2019-1760?
To mitigate CVE-2019-1760, update your Cisco IOS XE device to the recommended fixed versions from Cisco's security advisory.
What systems are affected by CVE-2019-1760?
CVE-2019-1760 affects various versions of Cisco IOS XE, including versions 3.2.0ja and several versions from 16.3.x to 16.8.x.
Can CVE-2019-1760 be exploited remotely?
Yes, CVE-2019-1760 can be exploited by an unauthenticated remote attacker, making it particularly concerning for network security.
What are the implications of CVE-2019-1760?
The implications of CVE-2019-1760 include potential service disruptions and loss of availability due to possible device reloads.
- agent/type
- agent/references
- agent/title
- agent/remedy
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/cisco
- canonical/cisco ios xe
- version/cisco ios xe/3.2.0ja
- version/cisco ios xe/3.16.4as
- version/cisco ios xe/3.16.4bs
- version/cisco ios xe/3.16.4cs
- version/cisco ios xe/3.16.4ds
- version/cisco ios xe/3.16.4es
- version/cisco ios xe/3.16.4gs
- version/cisco ios xe/3.16.4s
- version/cisco ios xe/3.16.5as
- version/cisco ios xe/3.16.5bs
- version/cisco ios xe/3.16.5s
- version/cisco ios xe/3.16.6bs
- version/cisco ios xe/3.16.6s
- version/cisco ios xe/3.16.7as
- version/cisco ios xe/3.16.7bs
- version/cisco ios xe/3.16.7s
- version/cisco ios xe/16.3.2
- version/cisco ios xe/16.3.3
- version/cisco ios xe/16.3.4
- version/cisco ios xe/16.3.5
- version/cisco ios xe/16.3.5b
- version/cisco ios xe/16.3.6
- version/cisco ios xe/16.4.1
- version/cisco ios xe/16.4.2
- version/cisco ios xe/16.4.3
- version/cisco ios xe/16.5.1
- version/cisco ios xe/16.5.1a
- version/cisco ios xe/16.5.1b
- version/cisco ios xe/16.5.2
- version/cisco ios xe/16.5.3
- version/cisco ios xe/16.6.1
- version/cisco ios xe/16.6.2
- version/cisco ios xe/16.6.3
- version/cisco ios xe/16.7.1
- version/cisco ios xe/16.7.1a
- version/cisco ios xe/16.7.1b
- version/cisco ios xe/16.8.1
- version/cisco ios xe/16.8.1a
- version/cisco ios xe/16.8.1b
- version/cisco ios xe/16.8.1c
- version/cisco ios xe/16.8.1s