CVE-2019-16022

Name of the Vulnerable Software and Affected Versions Cisco IOS XR Software (affected versions not specified)

Description The issue is related to multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality. These vulnerabilities could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by sending BGP EVPN update messages with malformed attributes. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The attacker would need to be a configured, valid BGP peer or inject the malicious message into the victim's BGP network on an existing, valid TCP connection to a BGP peer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.