This might allow a remote attacker to cause a denial of service. A remote attacker can send specially crafted VRRP packets to trigger this issue.

NtbGetValueKey() in ntb.c has a buffer over-read in print-ntb.c:ntb_print() for NTB version 1. A remote attacker can send specially crafted NTB packets to trigger this issue.

Impact Level: Application/System

CVSS Score: 5.9 – CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X
This vulnerability can be exploited by sending a specially crafted packet to port 5559.

Vulnerable Packet - CVE-2019-15167

# /ip neighbor discovery
# /ip neighbor discovery 192.168.1.2
# /ip neighbor discovery 192.168.1.2 set dc-id 1
# /ip neighbor discovery 192.168.1.2 set dc-id 1 verify
# /ip neighbor discovery 192.168.1.2 set dc-id 2

Vulnerability Scoring Explanation

5.9 Medium: Successful exploitation results in high privilege elevation, impact to confidentiality of system and disruption of service.
To exploit these vulnerabilities, an attacker needs to send a specially crafted packet with a target IP address to an end-point on the network. The payload for this attack is limited, as the first byte of all packets sent from the attacker will be overwritten by the NTB greeting string.

Timeline

Published on: 08/27/2022 06:15:00 UTC
Last modified on: 09/01/2022 19:29:00 UTC

References