CVE-2019-1760
MEDIUMCisco IOS XE - Unauthenticated Denial of Service via Malformed Smart Probe Packets
Title source: llmDescription
A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to the processing of malformed smart probe packets. An attacker could exploit this vulnerability by sending specially crafted smart probe packets at the affected device. A successful exploit could allow the attacker to reload the device, resulting in a denial of service (DoS) attack on an affected system.
References (2)
Core 2
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pfrv3
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/107611
Scores
CVSS v3
6.8
EPSS
0.0214
EPSS Percentile
79.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (41)
cisco/ios_xe
3.2.0ja
cisco/ios_xe
3.16.4as
cisco/ios_xe
3.16.4bs
cisco/ios_xe
3.16.4cs
cisco/ios_xe
3.16.4ds
cisco/ios_xe
3.16.4es
cisco/ios_xe
3.16.4gs
cisco/ios_xe
3.16.4s
cisco/ios_xe
3.16.5as
cisco/ios_xe
3.16.5bs
... and 31 more
Published
Mar 28, 2019
Tracked Since
Feb 18, 2026