Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-1686
HistoryApr 17, 2019 - 10:29 p.m.

CVE-2019-1686

2019-04-1722:29:00
CWE-284
[email protected]
web.nvd.nist.gov
24
cve-2019-1686
vulnerability
tcp flags inspection
acls
cisco asr 9000
remote bypass
nvd
cisco ios xr

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.2%

JSON

A vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The vulnerability is due to incorrect processing of the ACL applied to an interface of an affected device when Cisco Express Forwarding load balancing using the 3-tuple hash algorithm is enabled. An attacker could exploit this vulnerability by sending traffic through an affected device that should otherwise be denied by the configured ACL. An exploit could allow the attacker to bypass protection offered by a configured ACL on the affected device. There are workarounds that address this vulnerability. Affected Cisco IOS XR versions are: Cisco IOS XR Software Release 5.1.1 and later till first fixed. First Fixed Releases: 6.5.2 and later, 6.6.1 and later.

Affected configurations

NVD
Node
ciscoios_xrRange5.1.16.5.2
OR
ciscoios_xrRange6.5.36.6.1
AND
ciscoasr_9000vMatch-
OR
ciscoasr_9001Match-
OR
ciscoasr_9006Match-
OR
ciscoasr_9010Match-
OR
ciscoasr_9901Match-
OR
ciscoasr_9904Match-
OR
ciscoasr_9906Match-
OR
ciscoasr_9910Match-
OR
ciscoasr_9912Match-
OR
ciscoasr_9922Match-

CNA Affected

[
  {
    "product": "Cisco IOS XR Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "6.5.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "6.6.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

nvd 1
prion 1
cisco 1
cvelist 1
nvd
nvd
CVE-2019-1686
2019-04-17 22:29:00
prion
prion
Design/Logic Flaw
2019-04-17 22:29:00
cisco
cisco
Cisco ASR 9000 Series Aggregation Services Routers ACL Bypass Vulnerability
2019-04-17 16:00:00
cvelist
cvelist
CVE-2019-1686 Cisco ASR 9000 Series Aggregation Services Routers ACL Bypass Vulnerability
2019-04-17 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.2%

JSON
Related for CVE-2019-1686
nvd1prion1cisco1cvelist1