mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-01 19:21:37 +00:00
619 lines
24 KiB
JSON
619 lines
24 KiB
JSON
|
{
|
||
|
|
"id": "CVE-2019-16020",
|
||
|
|
"sourceIdentifier": "ykramarz@cisco.com",
|
||
|
|
"published": "2020-01-26T05:15:16.053",
|
||
|
|
"lastModified": "2020-01-29T18:16:53.127",
|
||
|
|
"vulnStatus": "Analyzed",
|
||
|
|
"descriptions": [
|
||
|
|
{
|
||
|
|
"lang": "en",
|
||
|
|
"value": "Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer."
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"lang": "es",
|
||
|
|
"value": "M\u00faltiples vulnerabilidades en la implementaci\u00f3n de la funcionalidad Border Gateway Protocol (BGP) Ethernet VPN (EVPN) en Cisco IOS XR Software, podr\u00edan permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Las vulnerabilidades son debido al procesamiento incorrecto de los mensajes de actualizaci\u00f3n de BGP que contienen atributos EVPN dise\u00f1ados. Un atacante podr\u00eda explotar estas vulnerabilidades mediante el env\u00edo de mensajes de actualizaci\u00f3n de BGP EVPN con atributos malformados para ser procesados ??por un sistema afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar que el proceso BGP se reinicie inesperadamente, resultando en una condici\u00f3n DoS. La implementaci\u00f3n de Cisco de BGP acepta el tr\u00e1fico de BGP entrante solo desde peers definidos expl\u00edcitamente. Para explotar estas vulnerabilidades, el mensaje de actualizaci\u00f3n de BGP malicioso necesitar\u00eda venir desde un peer de BGP v\u00e1lido y configurado, o necesitar\u00eda ser inyectado por parte del atacante en la red de BGP de la v\u00edctima en una conexi\u00f3n TCP v\u00e1lida y existente a un peer de BGP."
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"metrics": {
|
||
|
|
"cvssMetricV31": [
|
||
|
|
{
|
||
|
|
"source": "nvd@nist.gov",
|
||
|
|
"type": "Primary",
|
||
|
|
"cvssData": {
|
||
|
|
"version": "3.1",
|
||
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
|
||
|
|
"attackVector": "NETWORK",
|
||
|
|
"attackComplexity": "LOW",
|
||
|
|
"privilegesRequired": "NONE",
|
||
|
|
"userInteraction": "NONE",
|
||
|
|
"scope": "CHANGED",
|
||
|
|
"confidentialityImpact": "NONE",
|
||
|
|
"integrityImpact": "NONE",
|
||
|
|
"availabilityImpact": "HIGH",
|
||
|
|
"baseScore": 8.6,
|
||
|
|
"baseSeverity": "HIGH"
|
||
|
|
},
|
||
|
|
"exploitabilityScore": 3.9,
|
||
|
|
"impactScore": 4.0
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"cvssMetricV30": [
|
||
|
|
{
|
||
|
|
"source": "ykramarz@cisco.com",
|
||
|
|
"type": "Secondary",
|
||
|
|
"cvssData": {
|
||
|
|
"version": "3.0",
|
||
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
|
||
|
|
"attackVector": "NETWORK",
|
||
|
|
"attackComplexity": "LOW",
|
||
|
|
"privilegesRequired": "NONE",
|
||
|
|
"userInteraction": "NONE",
|
||
|
|
"scope": "CHANGED",
|
||
|
|
"confidentialityImpact": "NONE",
|
||
|
|
"integrityImpact": "NONE",
|
||
|
|
"availabilityImpact": "HIGH",
|
||
|
|
"baseScore": 8.6,
|
||
|
|
"baseSeverity": "HIGH"
|
||
|
|
},
|
||
|
|
"exploitabilityScore": 3.9,
|
||
|
|
"impactScore": 4.0
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"cvssMetricV2": [
|
||
|
|
{
|
||
|
|
"source": "nvd@nist.gov",
|
||
|
|
"type": "Primary",
|
||
|
|
"cvssData": {
|
||
|
|
"version": "2.0",
|
||
|
|
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
|
||
|
|
"accessVector": "NETWORK",
|
||
|
|
"accessComplexity": "LOW",
|
||
|
|
"authentication": "NONE",
|
||
|
|
"confidentialityImpact": "NONE",
|
||
|
|
"integrityImpact": "NONE",
|
||
|
|
"availabilityImpact": "PARTIAL",
|
||
|
|
"baseScore": 5.0
|
||
|
|
},
|
||
|
|
"baseSeverity": "MEDIUM",
|
||
|
|
"exploitabilityScore": 10.0,
|
||
|
|
"impactScore": 2.9,
|
||
|
|
"acInsufInfo": false,
|
||
|
|
"obtainAllPrivilege": false,
|
||
|
|
"obtainUserPrivilege": false,
|
||
|
|
"obtainOtherPrivilege": false,
|
||
|
|
"userInteractionRequired": false
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
"weaknesses": [
|
||
|
|
{
|
||
|
|
"source": "nvd@nist.gov",
|
||
|
|
"type": "Primary",
|
||
|
|
"description": [
|
||
|
|
{
|
||
|
|
"lang": "en",
|
||
|
|
"value": "CWE-400"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"source": "ykramarz@cisco.com",
|
||
|
|
"type": "Secondary",
|
||
|
|
"description": [
|
||
|
|
{
|
||
|
|
"lang": "en",
|
||
|
|
"value": "CWE-399"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"configurations": [
|
||
|
|
{
|
||
|
|
"operator": "AND",
|
||
|
|
"nodes": [
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": true,
|
||
|
|
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.1:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "54EA6C52-E541-4426-A3DF-2FA88CA28BA1"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "1BD9FC30-C073-4C63-8468-47DEF12A3875"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "E9B8E1A6-A438-441D-ADA2-BE2BF837EAA9"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "BB7DD32E-B22D-4392-B255-5C3F9CD39F3E"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "E7D9C475-6E5D-4AE9-A8D4-5B023C128A46"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "910A1686-5B13-4D37-9C1F-2F0073D57E5F"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "AND",
|
||
|
|
"nodes": [
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": true,
|
||
|
|
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.2:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "B8AE8971-5003-4A39-8173-E17CE9C2523F"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "71BD158E-71D8-4DCA-8C09-F8AB7EF0EBDD"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "1BD9FC30-C073-4C63-8468-47DEF12A3875"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "E9B8E1A6-A438-441D-ADA2-BE2BF837EAA9"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "BB7DD32E-B22D-4392-B255-5C3F9CD39F3E"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "E7D9C475-6E5D-4AE9-A8D4-5B023C128A46"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "910A1686-5B13-4D37-9C1F-2F0073D57E5F"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:crs:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "4B051AF4-592A-4201-9DD3-8683C1847A00"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:xrv_9000:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "0B529456-23DB-4917-A316-4CFC6AEC9964"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "AND",
|
||
|
|
"nodes": [
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": true,
|
||
|
|
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "3DC7F758-5AB7-4A45-A889-BE9DD8D0474E"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_540l:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "7987161E-E0C6-4BBB-91FC-F49A7F4AE6B6"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "AND",
|
||
|
|
"nodes": [
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": true,
|
||
|
|
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.1:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "82AF763B-9299-4EDC-B42D-B83736839CA1"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "1BD9FC30-C073-4C63-8468-47DEF12A3875"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "E9B8E1A6-A438-441D-ADA2-BE2BF837EAA9"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "BB7DD32E-B22D-4392-B255-5C3F9CD39F3E"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "915D9708-E3AC-447A-A67C-815A8E282A42"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "E7D9C475-6E5D-4AE9-A8D4-5B023C128A46"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "0FB63566-D9F5-4A36-87E2-AC87ADB9DE6C"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "910A1686-5B13-4D37-9C1F-2F0073D57E5F"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "430F0546-C2E9-41EE-8A8E-1C63945160F3"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "E1D3885B-7BEC-49DA-AE56-0DA18117C9E7"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:x64:*",
|
||
|
|
"matchCriteriaId": "1496BE0A-B0BA-48BC-A476-A85A6D62EA50"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_540l:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "7987161E-E0C6-4BBB-91FC-F49A7F4AE6B6"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:cisco:xrv_9000:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "0B529456-23DB-4917-A316-4CFC6AEC9964"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"references": [
|
||
|
|
{
|
||
|
|
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn",
|
||
|
|
"source": "ykramarz@cisco.com",
|
||
|
|
"tags": [
|
||
|
|
"Vendor Advisory"
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|