CVE-2019-1686 : A vulnerability in the TCP flags inspection feature for access control lists (AC

A vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The vulnerability is due to incorrect processing of the ACL applied to an interface of an affected device when Cisco Express Forwarding load balancing using the 3-tuple hash algorithm is enabled. An attacker could exploit this vulnerability by sending traffic through an affected device that should otherwise be denied by the configured ACL. An exploit could allow the attacker to bypass protection offered by a configured ACL on the affected device. There are workarounds that address this vulnerability. Affected Cisco IOS XR versions are: Cisco IOS XR Software Release 5.1.1 and later till first fixed. First Fixed Releases: 6.5.2 and later, 6.6.1 and later.

Published 2019-04-17 22:29:00

Updated 2020-10-16 13:01:59

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2019-1686

Cisco » Ios Xr
Versions from including (>=) 6.5.3 and before (<) 6.6.1
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Asr 9000v » Version: N/A
When used together with: Cisco » Asr 9001 » Version: N/A
When used together with: Cisco » Asr 9006 » Version: N/A
When used together with: Cisco » Asr 9010 » Version: N/A
When used together with: Cisco » Asr 9901 » Version: N/A
When used together with: Cisco » Asr 9904 » Version: N/A
When used together with: Cisco » Asr 9906 » Version: N/A
When used together with: Cisco » Asr 9910 » Version: N/A
When used together with: Cisco » Asr 9912 » Version: N/A
When used together with: Cisco » Asr 9922 » Version: N/A
Cisco » Ios Xr
Versions from including (>=) 5.1.1 and before (<) 6.5.2
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Asr 9000v » Version: N/A
When used together with: Cisco » Asr 9001 » Version: N/A
When used together with: Cisco » Asr 9006 » Version: N/A
When used together with: Cisco » Asr 9010 » Version: N/A
When used together with: Cisco » Asr 9901 » Version: N/A
When used together with: Cisco » Asr 9904 » Version: N/A
When used together with: Cisco » Asr 9906 » Version: N/A
When used together with: Cisco » Asr 9910 » Version: N/A
When used together with: Cisco » Asr 9912 » Version: N/A
When used together with: Cisco » Asr 9922 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2019-1686

EPSS FAQ

0.18%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 36 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-1686

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
5.8	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N	3.9	1.4	Cisco Systems, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: None Integrity: Low Availability: None
8.6	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N	3.9	4.0	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: None Integrity: High Availability: None

CWE ids for CVE-2019-1686

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Assigned by: ykramarz@cisco.com (Secondary)

References for CVE-2019-1686

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-iosxracl

Cisco ASR 9000 Series Aggregation Services Routers ACL Bypass Vulnerability
Vendor Advisory
http://www.securityfocus.com/bid/108026

Cisco ASR 9000 Series Aggregation Services Routers Remote Security Bypass Vulnerability
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2019-1686

Products affected by CVE-2019-1686

Exploit prediction scoring system (EPSS) score for CVE-2019-1686

CVSS scores for CVE-2019-1686

CWE ids for CVE-2019-1686

References for CVE-2019-1686