CVE-2019-1710

CVE Database · CVE-2019-1710

CVE-2019-1710

· N/AModified

CVSS v3.1

N/A

EPSS

2.83%

Published

Apr 17, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM. The vulnerability is due to incorrect isolation of the secondary management interface from internal sysadmin applications. An attacker could exploit this vulnerability by connecting to one of the listening internal applications. A successful exploit could result in unstable conditions, including both a denial of service and remote unauthenticated access to the device. This vulnerability has been fixed in Cisco IOS XR 64-bit Software Release 6.5.3 and 7.0.1, which will edit the calvados_boostrap.cfg file and reload the device.

Weaknesses (CWE)

CWE-20CWE-20

Affected Products (3)

cisco · ios_xr (up to 6.5.3)vulnerable

cisco · ios_xr (up to 7.0.1)vulnerable

cisco · asr_9000

References (4)

http://www.securityfocus.com/bid/108007

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-asr9k-exr

Vendor Advisory

http://www.securityfocus.com/bid/108007

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-asr9k-exr

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs