CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-1686

A vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The vulnerability is due to incorrect processing of the ACL applied to an interface of an affected device when Cisco Express Forwarding load balancing using the 3-tuple hash algorithm is enabled. An attacker could exploit this vulnerability by sending traffic through an affected device that should otherwise be denied by the configured ACL. An exploit could allow the attacker to bypass protection offered by a configured ACL on the affected device. There are workarounds that address this vulnerability. Affected Cisco IOS XR versions are: Cisco IOS XR Software Release 5.1.1 and later till first fixed. First Fixed Releases: 6.5.2 and later, 6.6.1 and later.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 40.2%

CVSS Severity

CVSS v3 Score 5.8

CVSS v2 Score 5.0

References

Products affected by CVE-2019-1686

Cisco » Asr 9000v » Version: N/A

cpe:2.3:h:cisco:asr_9000v:-
Cisco » Asr 9001 » Version: N/A

cpe:2.3:h:cisco:asr_9001:-
Cisco » Asr 9006 » Version: N/A

cpe:2.3:h:cisco:asr_9006:-
Cisco » Asr 9010 » Version: N/A

cpe:2.3:h:cisco:asr_9010:-
Cisco » Asr 9901 » Version: N/A

cpe:2.3:h:cisco:asr_9901:-
Cisco » Asr 9904 » Version: N/A

cpe:2.3:h:cisco:asr_9904:-
Cisco » Asr 9906 » Version: N/A

cpe:2.3:h:cisco:asr_9906:-
Cisco » Asr 9910 » Version: N/A

cpe:2.3:h:cisco:asr_9910:-
Cisco » Asr 9912 » Version: N/A

cpe:2.3:h:cisco:asr_9912:-
Cisco » Asr 9922 » Version: N/A

cpe:2.3:h:cisco:asr_9922:-
Cisco » Ios Xr » Version: 5.1.1

cpe:2.3:o:cisco:ios_xr:5.1.1
Cisco » Ios Xr » Version: 5.1.1.k9sec

cpe:2.3:o:cisco:ios_xr:5.1.1.k9sec
Cisco » Ios Xr » Version: 5.1.2

cpe:2.3:o:cisco:ios_xr:5.1.2
Cisco » Ios Xr » Version: 5.1.3

cpe:2.3:o:cisco:ios_xr:5.1.3
Cisco » Ios Xr » Version: 5.1.3.03

cpe:2.3:o:cisco:ios_xr:5.1.3.03
Cisco » Ios Xr » Version: 5.1.4.base

cpe:2.3:o:cisco:ios_xr:5.1.4.base
Cisco » Ios Xr » Version: 5.2.0

cpe:2.3:o:cisco:ios_xr:5.2.0
Cisco » Ios Xr » Version: 5.2.0.base

cpe:2.3:o:cisco:ios_xr:5.2.0.base
Cisco » Ios Xr » Version: 5.2.1

cpe:2.3:o:cisco:ios_xr:5.2.1
Cisco » Ios Xr » Version: 5.2.2

cpe:2.3:o:cisco:ios_xr:5.2.2
Cisco » Ios Xr » Version: 5.2.3

cpe:2.3:o:cisco:ios_xr:5.2.3
Cisco » Ios Xr » Version: 5.2.4

cpe:2.3:o:cisco:ios_xr:5.2.4
Cisco » Ios Xr » Version: 5.2.4.00

cpe:2.3:o:cisco:ios_xr:5.2.4.00
Cisco » Ios Xr » Version: 5.2.5

cpe:2.3:o:cisco:ios_xr:5.2.5
Cisco » Ios Xr » Version: 5.2.5.ce

cpe:2.3:o:cisco:ios_xr:5.2.5.ce
Cisco » Ios Xr » Version: 5.2.6

cpe:2.3:o:cisco:ios_xr:5.2.6
Cisco » Ios Xr » Version: 5.3.0

cpe:2.3:o:cisco:ios_xr:5.3.0
Cisco » Ios Xr » Version: 5.3.0_base

cpe:2.3:o:cisco:ios_xr:5.3.0_base
Cisco » Ios Xr » Version: 5.3.1

cpe:2.3:o:cisco:ios_xr:5.3.1
Cisco » Ios Xr » Version: 5.3.2

cpe:2.3:o:cisco:ios_xr:5.3.2
Cisco » Ios Xr » Version: 5.3.3

cpe:2.3:o:cisco:ios_xr:5.3.3
Cisco » Ios Xr » Version: 5.3.4

cpe:2.3:o:cisco:ios_xr:5.3.4
Cisco » Ios Xr » Version: 5.3.4.base

cpe:2.3:o:cisco:ios_xr:5.3.4.base
Cisco » Ios Xr » Version: 5.4.3.ce

cpe:2.3:o:cisco:ios_xr:5.4.3.ce
Cisco » Ios Xr » Version: 6.0.0

cpe:2.3:o:cisco:ios_xr:6.0.0
Cisco » Ios Xr » Version: 6.0.1

cpe:2.3:o:cisco:ios_xr:6.0.1
Cisco » Ios Xr » Version: 6.0.2

cpe:2.3:o:cisco:ios_xr:6.0.2
Cisco » Ios Xr » Version: 6.0.2.01

cpe:2.3:o:cisco:ios_xr:6.0.2.01
Cisco » Ios Xr » Version: 6.0.2.base

cpe:2.3:o:cisco:ios_xr:6.0.2.base
Cisco » Ios Xr » Version: 6.0.4.base

cpe:2.3:o:cisco:ios_xr:6.0.4.base
Cisco » Ios Xr » Version: 6.0_base

cpe:2.3:o:cisco:ios_xr:6.0_base
Cisco » Ios Xr » Version: 6.1.0

cpe:2.3:o:cisco:ios_xr:6.1.0
Cisco » Ios Xr » Version: 6.1.1

cpe:2.3:o:cisco:ios_xr:6.1.1
Cisco » Ios Xr » Version: 6.1.2

cpe:2.3:o:cisco:ios_xr:6.1.2
Cisco » Ios Xr » Version: 6.1.3

cpe:2.3:o:cisco:ios_xr:6.1.3
Cisco » Ios Xr » Version: 6.1.3.01

cpe:2.3:o:cisco:ios_xr:6.1.3.01
Cisco » Ios Xr » Version: 6.1.4

cpe:2.3:o:cisco:ios_xr:6.1.4
Cisco » Ios Xr » Version: 6.1.4.base

cpe:2.3:o:cisco:ios_xr:6.1.4.base
Cisco » Ios Xr » Version: 6.2.0

cpe:2.3:o:cisco:ios_xr:6.2.0
Cisco » Ios Xr » Version: 6.2.1

cpe:2.3:o:cisco:ios_xr:6.2.1
Cisco » Ios Xr » Version: 6.2.2

cpe:2.3:o:cisco:ios_xr:6.2.2
Cisco » Ios Xr » Version: 6.2.25

cpe:2.3:o:cisco:ios_xr:6.2.25
Cisco » Ios Xr » Version: 6.2.3

cpe:2.3:o:cisco:ios_xr:6.2.3
Cisco » Ios Xr » Version: 6.2.3.base

cpe:2.3:o:cisco:ios_xr:6.2.3.base
Cisco » Ios Xr » Version: 6.3.1

cpe:2.3:o:cisco:ios_xr:6.3.1
Cisco » Ios Xr » Version: 6.3.15

cpe:2.3:o:cisco:ios_xr:6.3.15
Cisco » Ios Xr » Version: 6.3.2

cpe:2.3:o:cisco:ios_xr:6.3.2
Cisco » Ios Xr » Version: 6.3.3

cpe:2.3:o:cisco:ios_xr:6.3.3
Cisco » Ios Xr » Version: 6.3.3_base

cpe:2.3:o:cisco:ios_xr:6.3.3_base
Cisco » Ios Xr » Version: 6.4.0

cpe:2.3:o:cisco:ios_xr:6.4.0
Cisco » Ios Xr » Version: 6.4.1

cpe:2.3:o:cisco:ios_xr:6.4.1
Cisco » Ios Xr » Version: 6.4.1_base

cpe:2.3:o:cisco:ios_xr:6.4.1_base
Cisco » Ios Xr » Version: 6.4.2

cpe:2.3:o:cisco:ios_xr:6.4.2
Cisco » Ios Xr » Version: 6.4.3

cpe:2.3:o:cisco:ios_xr:6.4.3
Cisco » Ios Xr » Version: 6.5.0

cpe:2.3:o:cisco:ios_xr:6.5.0
Cisco » Ios Xr » Version: 6.5.1

cpe:2.3:o:cisco:ios_xr:6.5.1
Cisco » Ios Xr » Version: 6.5.15

cpe:2.3:o:cisco:ios_xr:6.5.15
Cisco » Ios Xr » Version: 6.5.25

cpe:2.3:o:cisco:ios_xr:6.5.25
Cisco » Ios Xr » Version: 6.5.26

cpe:2.3:o:cisco:ios_xr:6.5.26
Cisco » Ios Xr » Version: 6.5.28

cpe:2.3:o:cisco:ios_xr:6.5.28
Cisco » Ios Xr » Version: 6.5.29

cpe:2.3:o:cisco:ios_xr:6.5.29
Cisco » Ios Xr » Version: 6.5.3

cpe:2.3:o:cisco:ios_xr:6.5.3
Cisco » Ios Xr » Version: 6.5.31

cpe:2.3:o:cisco:ios_xr:6.5.31
Cisco » Ios Xr » Version: 6.5.32

cpe:2.3:o:cisco:ios_xr:6.5.32
Cisco » Ios Xr » Version: 6.5.33

cpe:2.3:o:cisco:ios_xr:6.5.33
Cisco » Ios Xr » Version: 6.5.90

cpe:2.3:o:cisco:ios_xr:6.5.90
Cisco » Ios Xr » Version: 6.5.92

cpe:2.3:o:cisco:ios_xr:6.5.92
Cisco » Ios Xr » Version: 6.5.93

cpe:2.3:o:cisco:ios_xr:6.5.93
Cisco » Ios Xr » Version: 6.6.0

cpe:2.3:o:cisco:ios_xr:6.6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-1686

Products

Pricing

Contact Us