Vulnerabilities > CVE-2019-15989 - Improper Check for Unusual or Exceptional Conditions vulnerability in Cisco IOS XR

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

cisco

CWE-754

nessus

NVD

Published: 2020-01-26

Updated: 2020-01-29

Summary

A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains a specific BGP attribute. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim’s BGP network on an existing, valid TCP connection to a BGP peer.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco IOS XR 6.6.1 Cisco IOS XR 6.6.2 Cisco IOS XR 6.6.25 Cisco IOS XR 7.0.1	4
Hardware	Cisco Cisco ASR 9000V - Cisco ASR 9001 - Cisco ASR 9006 - Cisco ASR 9010 - Cisco ASR 9901 - Cisco ASR 9904 - Cisco ASR 9906 - Cisco ASR 9910 - Cisco ASR 9912 - Cisco ASR 9922 - Cisco NCS 540 - Cisco NCS 5501 - Cisco NCS 5501 SE - Cisco NCS 5502 - Cisco NCS 5502 SE - Cisco NCS 5508 - Cisco NCS 5516 - Cisco NCS 6000 - Cisco CRS - Cisco XRV 9000 - Cisco NCS 540L - Cisco NCS 560 - Cisco NCS 1001 - Cisco NCS 1002 - Cisco NCS 1004 - Cisco NCS 5001 - Cisco NCS 5002 -	37

Common Weakness Enumeration (CWE)

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Nessus

NASL family	CISCO
NASL id	CISCO-SA-20200122-IOS-XR-BGP-DOS.NASL
description	According to its self-reported version, Cisco IOS XR Software is affected by a denial of service vulnerability. A remote attacker could exploit this vulnerability by sending specially crafted BGP update messages, which could cause the BGP process to restart, resulting in a denial of service. Please see the included Cisco BIDs and Cisco Security Advisory for more information
last seen	2020-06-01
modified	2020-06-02
plugin id	133408
published	2020-01-31
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133408
title	Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability (cisco-sa-20200122-ios-xr-bgp-dos)
code	#TRUSTED 669c769d2a82bac427366d58b26534daefb3a70f423da5c2d20597a3839d145556e663c4cc087e4fe4321f311290cf07b2a6f48739b3f5d9dea54d8bb461d24ae5ab956e65027a5435381438482831a0422ae4b1cb08799b5a9d7c00ea87a4c847ec2df360e12adeddbc941f0c5710c3c736bb5193de59c593b8185f4e117e6a1f984e995f79c3f6269dd19bdc2ebe0bc4c198ee75809f651e196cd4219221bb6b7de4a8da3f2ced9f2ae6c7e6104da5ceda46c4442f642ffe68bcc0e73c63392732a58691ef6ca6d87eb3362a2562e2cb204099cef724dab3ec4f5043dd958f223186f8cda98eafed33f82c7a6f0d74e72be932c8e61ea5d3c02748049a0713b49cf54643846bc23fa10e4ae03bb6cd25d8365553b97c004e5a054621fe98e7417fc2f009083de3a707ccc0c5ff444ba1a0df429e90cc02530264c2738e7b39279727b9f1cbc3c2aa15be86e8b5d103f3ea5338b6f15651e0605f73658145845a1348b755f1f66e907a40b8833b53c15f29ff6c7e880334a597890ac0a336c1bbc8165b7b7207e0486fb3074e6e7fab9e2ac6a377ac62f6bf11d725ea364dbf75a7455478599543f406d3be7a734bd7017fac13b608b519313be2db7d18193bbf93ab44e1637beead6bb033caab9e93a8850f0f2fa8c2bc3479c979368098c42b8293bbc61de003fc1dea2a98719e43af8cf6733e169c0044f6963024e86fe6 # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(133408); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/26"); script_cve_id("CVE-2019-15989"); script_bugtraq_id(109043); script_xref(name:"CISCO-BUG-ID", value:"CSCvr69950"); script_xref(name:"CISCO-SA", value:"cisco-sa-20200122-ios-xr-bgp-dos"); script_xref(name:"IAVA", value:"2020-A-0041-S"); script_name(english:"Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability (cisco-sa-20200122-ios-xr-bgp-dos)"); script_summary(english:"Checks the version of Cisco IOS XR Software"); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch"); script_set_attribute(attribute:"description", value: "According to its self-reported version, Cisco IOS XR Software is affected by a denial of service vulnerability. A remote attacker could exploit this vulnerability by sending specially crafted BGP update messages, which could cause the BGP process to restart, resulting in a denial of service. Please see the included Cisco BIDs and Cisco Security Advisory for more information"); # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-bgp-dos script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?93dce29c"); script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr69950"); script_set_attribute(attribute:"solution", value: "Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvr69950"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-15989"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/22"); script_set_attribute(attribute:"patch_publication_date", value:"2020/01/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/31"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xr"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CISCO"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("cisco_ios_xr_version.nasl"); script_require_keys("Host/Cisco/IOS-XR/Version", "Settings/ParanoidReport"); exit(0); } include('audit.inc'); include('cisco_workarounds.inc'); include('ccf.inc'); product_info = cisco::get_product_info(name:"Cisco IOS XR"); if (report_paranoia < 2) audit(AUDIT_PARANOID); vuln_ranges = [ {'min_ver' : '7.0.0', 'fix_ver' : '7.0.2'}, {'min_ver' : '7.1.0', 'fix_ver' : '7.1.1'}, {'min_ver' : '7.2.0', 'fix_ver' : '7.2.1'} ]; workarounds = make_list(CISCO_WORKAROUNDS['router_bgp']); workaround_params = make_list(); reporting = make_array( 'port' , 0, 'severity' , SECURITY_WARNING, 'version' , product_info['version'], 'bug_id' , 'CSCvr69950' ); cisco::check_and_report( product_info:product_info, workarounds:workarounds, workaround_params:workaround_params, reporting:reporting, vuln_ranges:vuln_ranges );

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-bgp-dos