CVE-2019-16020

Name of the Vulnerable Software and Affected Versions Cisco IOS XR Software (affected versions not specified)

Description The issue is related to the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software. It could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit this by sending BGP EVPN update messages with malformed attributes to be processed by an affected system, potentially causing the BGP process to restart unexpectedly. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers, so the malicious BGP update message would need to come from a configured, valid BGP peer, or be injected into the victim's BGP network on an existing, valid TCP connection to a BGP peer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.