CVE-2019-1849

Name of the Vulnerable Software and Affected Versions Cisco IOS XR (affected versions not specified)

Description The issue is related to a logic error in the Border Gateway Protocol (BGP) Multiprotocol Label Switching (MPLS)-based Ethernet VPN (EVPN) implementation of Cisco IOS XR Software. This error occurs when the software processes specific EVPN routing information, allowing an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. An attacker could exploit this by injecting malicious traffic patterns into the targeted EVPN network, potentially causing a crash of the l2vpn mgr process on Provider Edge (PE) device members of the same EVPN instance (EVI). This could lead to system instability and the inability to process or forward traffic through the device, resulting in a DoS condition that would require manual intervention to restore normal operating conditions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.