目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

CVE-2019-16020— Cisco IOS XR 资源管理错误漏洞

EPSS 2.50% · P85
新しい脆弱性情報の通知を購読するログインして購読

I. CVE-2019-16020の基本情報

脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗

高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。

脆弱性タイトル
Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities
ソース: NVD (National Vulnerability Database)
脆弱性説明
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
资源管理错误
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Cisco IOS XR 资源管理错误漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Cisco IOS XR是美国思科(Cisco)公司的一套为其网络设备开发的操作系统。 Cisco IOS XR中Border Gateway Protocol(边界网关协议) Ethernet VPN (EVPN)功能的实现存在资源管理错误漏洞,该漏洞源于程序没有正确处理包含特定EVPN属性的BGP更新消息。远程攻击者可借助恶意的BGP更新消息利用该漏洞造成拒绝服务。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)

影響を受ける製品

ベンダープロダクト影響を受けるバージョンCPE購読
CiscoCisco IOS XR Software unspecified ~ n/a -

II. CVE-2019-16020の公開POC

#POC説明ソースリンクShenlongリンク
AI生成POCプレミアム

公開POCは見つかりませんでした。

ログインしてAI POCを生成

III. CVE-2019-16020のインテリジェンス情報

登录查看更多情报信息。

Same Patch Batch · Cisco · 2020-01-26 · 24 CVEs total

CVE-2020-3129Cisco Unity Connection Stored Cross-Site Scripting Vulnerability
CVE-2019-12629Cisco SD-WAN vManage Command Injection Vulnerability
CVE-2019-12619Cisco SD-WAN Solution SQL Injection Vulnerability
CVE-2020-3136Cisco Jabber Guest Cross-Site Scripting Vulnerability
CVE-2020-3139Cisco Application Policy Infrastructure Controller Out Of Band Management IP Tables Bypass
CVE-2019-15989Cisco IOS XR Software Border Gateway Protocol Attribute Denial of Service Vulnerability
CVE-2019-16018Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability
CVE-2019-16022Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities
CVE-2019-16027Cisco IOS XR Software Intermediate System–to–Intermediate System Denial of Service Vulnera
CVE-2019-16029Cisco Smart Software Manager On-Prem Web Interface Denial of Service Vulnerability
CVE-2020-3115Cisco SD-WAN Solution Local Privilege Escalation Vulnerability
CVE-2020-3121Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability
CVE-2020-3142Cisco Webex Meetings Suite and Cisco Webex Meetings Online Unauthenticated Meeting Join Vu
CVE-2020-3131Cisco Webex Teams Adaptive Cards Denial of Service Vulnerability
CVE-2020-3134Cisco Email Security Appliance Zip Decompression Engine Denial of Service Vulnerability
CVE-2019-16015Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability
CVE-2019-15255Cisco Identity Services Engine Authorization Bypass Vulnerability
CVE-2019-16026Cisco Mobility Management Entity Denial of Service Vulnerability
CVE-2019-16024Cisco Crosswork Change Automation Cross-Site Scripting Vulnerability
CVE-2019-16008Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Scriptin

Showing 20 of 24 CVEs. View all on vendor page →

IV. 関連脆弱性

同じ製品: Cisco IOS XR Software
同じベンダー: Cisco
同じ弱点: CWE-399

V. CVE-2019-16020へのコメント

まだコメントはありません

コメントを残す