Cisco IOS XR Software Intermediate System–to–Intermediate System Denial of Service Vulnerability

A vulnerability in the implementation of Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS) condition.

The vulnerability is due to incorrect processing of IS–IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending specific link-state PDUs to an affected system to be processed. A successful exploit could allow the attacker to cause incorrect calculations used in the weighted remote shared risk link groups (SRLG) or in the IGP Flexible Algorithm. It could also cause tracebacks to the logs or potentially cause the receiving device to crash the IS–IS process, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-iosxr-isis-dos-1918

A companion advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-iosxr-isis-dos-1910

Security Impact Rating: High

CVE: CVE-2019-1918

Related:

  • No Related Posts

Cisco Firepower Threat Defense Software File Policy Bypass Vulnerability

A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system.

The vulnerability is due to errors when handling specific SSL/TLS messages. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-ftd-bypass

Security Impact Rating: Medium

CVE: CVE-2019-1970

Related:

  • No Related Posts

Cisco IoT Field Network Director TLS Renegotiation Denial of Service Vulnerability

A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition on an affected device.

The vulnerability is due to improper handling of Transport Layer Security (TLS) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation requests at a high rate. A successful exploit could increase the resource usage on the system, eventually leading to a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-fnd-dos

Security Impact Rating: Medium

CVE: CVE-2019-1957

Related:

  • No Related Posts

Cisco Enterprise NFV Infrastructure Software Web-Based Management Interface Authentication Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface.

The vulnerability is due to an incorrect implementation of authentication in the web-based management interface. An attacker could exploit this vulnerability by sending a crafted authentication request to the web-based management interface on an affected system. A successful exploit could allow the attacker to view limited configuration details and potentially upload a virtual machine image.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfvis-authbypass

Security Impact Rating: Medium

CVE: CVE-2019-1946

Related:

  • No Related Posts

Cisco Identity Services Engine Blind SQL Injection Vulnerability

A vulnerability in the sponsor portal web interface for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries.

The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-ise-sql-inject

Security Impact Rating: Medium

CVE: CVE-2019-1942

Related:

  • No Related Posts

Cisco Vision Dynamic Signage Director REST API Authentication Bypass Vulnerability

A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system.

The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on the affected system.

The REST API is enabled by default and cannot be disabled.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-cvdsd-wmauth

Security Impact Rating: Critical

CVE: CVE-2019-1917

Related:

  • No Related Posts