Cisco IOS XE Software Hot Standby Router Protocol Information Leak Vulnerability

Low Nessus Plugin ID 126507

Synopsis

The remote device is missing a vendor-supplied security patch

Description

According to its self-reported version, Cisco IOS XE Software is affected by following vulnerability

- A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device.The vulnerability is due to insufficient memory initialization. An attacker could exploit this vulnerability by receiving HSRPv2 traffic from an adjacent HSRP member. A successful exploit could allow the attacker to receive potentially sensitive information from the adjacent device. (CVE-2019-1761)

Please see the included Cisco BIDs and Cisco Security Advisory for more information

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvj98575

See Also

http://www.nessus.org/u?46d52b7a

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj98575

Plugin Details

Severity: Low

ID: 126507

File Name: cisco-sa-20190327-iosxe-infoleak.nasl

Version: 1.8

Type: local

Family: CISCO

Published: 2019/07/05

Updated: 2019/10/18

Dependencies: 67217

Risk Information

Risk Factor: Low

CVSS Score Source: CVE-2019-1761

CVSS v2.0

Base Score: 3.3

Temporal Score: 2.4

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 4.3

Temporal Score: 3.8

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios_xe

Required KB Items: Host/Cisco/IOS-XE/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 2019/03/27

Vulnerability Publication Date: 2019/03/28

Reference Information

CVE: CVE-2019-1761

CISCO-BUG-ID: CSCvj98575

CISCO-SA: cisco-sa-20190327-ios-infoleak

IAVA: 2019-A-0097

CWE: 665