CVE-2019-1760

MEDIUM

Cisco IOS XE - Unauthenticated Denial of Service via Malformed Smart Probe Packets

Title source: llm
STIX 2.1

Description

A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to the processing of malformed smart probe packets. An attacker could exploit this vulnerability by sending specially crafted smart probe packets at the affected device. A successful exploit could allow the attacker to reload the device, resulting in a denial of service (DoS) attack on an affected system.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/107611

Scores

CVSS v3 6.8
EPSS 0.0214
EPSS Percentile 79.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-20
Status published
Products (41)
cisco/ios_xe 3.2.0ja
cisco/ios_xe 3.16.4as
cisco/ios_xe 3.16.4bs
cisco/ios_xe 3.16.4cs
cisco/ios_xe 3.16.4ds
cisco/ios_xe 3.16.4es
cisco/ios_xe 3.16.4gs
cisco/ios_xe 3.16.4s
cisco/ios_xe 3.16.5as
cisco/ios_xe 3.16.5bs
... and 31 more
Published Mar 28, 2019
Tracked Since Feb 18, 2026