8.6

CVE-2019-1740

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability are due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoIos Xe Version3.2.0ja
CiscoIos Xe Version3.16.0as
CiscoIos Xe Version3.16.0bs
CiscoIos Xe Version3.16.0cs
CiscoIos Xe Version3.16.0s
CiscoIos Xe Version3.16.1as
CiscoIos Xe Version3.16.1s
CiscoIos Xe Version3.16.2as
CiscoIos Xe Version3.16.2bs
CiscoIos Xe Version3.16.2s
CiscoIos Xe Version3.16.3as
CiscoIos Xe Version3.16.3s
CiscoIos Xe Version3.16.4as
CiscoIos Xe Version3.16.4bs
CiscoIos Xe Version3.16.4cs
CiscoIos Xe Version3.16.4ds
CiscoIos Xe Version3.16.4es
CiscoIos Xe Version3.16.4gs
CiscoIos Xe Version3.16.4s
CiscoIos Xe Version3.16.5as
CiscoIos Xe Version3.16.5s
CiscoIos Xe Version3.17.0s
CiscoIos Xe Version3.17.1as
CiscoIos Xe Version3.17.1s
CiscoIos Xe Version3.17.2s
CiscoIos Xe Version3.17.3s
CiscoIos Xe Version3.17.4s
CiscoIos Xe Version3.18.0as
CiscoIos Xe Version3.18.0s
CiscoIos Xe Version3.18.0sp
CiscoIos Xe Version3.18.1asp
CiscoIos Xe Version3.18.1bsp
CiscoIos Xe Version3.18.1csp
CiscoIos Xe Version3.18.1gsp
CiscoIos Xe Version3.18.1hsp
CiscoIos Xe Version3.18.1isp
CiscoIos Xe Version3.18.1s
CiscoIos Xe Version3.18.1sp
CiscoIos Xe Version3.18.2asp
CiscoIos Xe Version3.18.2s
CiscoIos Xe Version3.18.2sp
CiscoIos Xe Version3.18.3s
CiscoIos Xe Version3.18.4s
CiscoIos Xe Version16.2.1
CiscoIos Xe Version16.2.2
CiscoIos Xe Version16.3.1
CiscoIos Xe Version16.3.1a
CiscoIos Xe Version16.3.2
CiscoIos Xe Version16.3.3
CiscoIos Xe Version16.3.4
CiscoIos Xe Version16.4.1
CiscoIos Xe Version16.4.2
CiscoIos Xe Version16.4.3
CiscoIos Xe Version16.5.1
CiscoIos Xe Version16.5.1a
CiscoIos Xe Version16.5.1b
CiscoIos Xe Version16.9.3s
CiscoIos Xe Version16.9.4c
CiscoIos Version15.3(3)jd
CiscoIos Version15.3(3)jd2
CiscoIos Version15.3(3)jd3
CiscoIos Version15.3(3)jd4
CiscoIos Version15.3(3)jd5
CiscoIos Version15.3(3)jd6
CiscoIos Version15.3(3)jd7
CiscoIos Version15.3(3)jd8
CiscoIos Version15.3(3)jd9
CiscoIos Version15.3(3)jd11
CiscoIos Version15.3(3)jd12
CiscoIos Version15.3(3)jd13
CiscoIos Version15.3(3)jd14
CiscoIos Version15.3(3)je
CiscoIos Version15.3(3)jf
CiscoIos Version15.3(3)jf1
CiscoIos Version15.3(3)jf2
CiscoIos Version15.3(3)jf4
CiscoIos Version15.3(3)jf5
CiscoIos Version15.3(3)jg
CiscoIos Version15.3(3)jg1
CiscoIos Version15.3(3)jh
CiscoIos Version15.3(3)jk6
CiscoIos Version15.3(3)jnp
CiscoIos Version15.3(3)jnp1
CiscoIos Version15.3(3)jnp3
CiscoIos Version15.3(3)jpb
CiscoIos Version15.3(3)jpb1
CiscoIos Version15.3(3)jpc
CiscoIos Version15.3(3)jpc1
CiscoIos Version15.3(3)jpc2
CiscoIos Version15.3(3)jpc3
CiscoIos Version15.3(3)jpc5
CiscoIos Version15.3(3)jpd
CiscoIos Version15.5(3)m
CiscoIos Version15.5(3)m0a
CiscoIos Version15.5(3)m1
CiscoIos Version15.5(3)m2
CiscoIos Version15.5(3)m2a
CiscoIos Version15.5(3)m3
CiscoIos Version15.5(3)m4
CiscoIos Version15.5(3)m4a
CiscoIos Version15.5(3)m4b
CiscoIos Version15.5(3)m4c
CiscoIos Version15.5(3)m5
CiscoIos Version15.5(3)s
CiscoIos Version15.5(3)s0a
CiscoIos Version15.5(3)s1
CiscoIos Version15.5(3)s1a
CiscoIos Version15.5(3)s2
CiscoIos Version15.5(3)s3
CiscoIos Version15.5(3)s4
CiscoIos Version15.5(3)s5
CiscoIos Version15.5(3)sn
CiscoIos Version15.5(3)sn0a
CiscoIos Version15.6(1)s
CiscoIos Version15.6(1)s1
CiscoIos Version15.6(1)s2
CiscoIos Version15.6(1)s3
CiscoIos Version15.6(1)s4
CiscoIos Version15.6(1)sn
CiscoIos Version15.6(1)sn1
CiscoIos Version15.6(1)sn2
CiscoIos Version15.6(1)sn3
CiscoIos Version15.6(1)t
CiscoIos Version15.6(1)t0a
CiscoIos Version15.6(1)t1
CiscoIos Version15.6(1)t2
CiscoIos Version15.6(2)s
CiscoIos Version15.6(2)s1
CiscoIos Version15.6(2)s2
CiscoIos Version15.6(2)s3
CiscoIos Version15.6(2)s4
CiscoIos Version15.6(2)sn
CiscoIos Version15.6(2)t
CiscoIos Version15.6(2)t0a
CiscoIos Version15.6(2)t1
CiscoIos Version15.6(2)t2
CiscoIos Version15.6(3)m
CiscoIos Version15.6(3)m0a
CiscoIos Version15.6(3)m1
CiscoIos Version15.6(3)m1a
CiscoIos Version15.6(3)m1b
CiscoIos Version15.6(3)sn
CiscoIos Version15.6(4)sn
CiscoIos Version15.6(5)sn
CiscoIos Version15.6(6)sn
CiscoIos Version15.6(7)sn
CiscoIos Version15.6(7)sn1
CiscoIos Version15.6(7)sn2
CiscoIos Version15.6(7)sn3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.05% 0.766
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.6 3.9 4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
psirt@cisco.com 8.6 3.9 4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/107597
Third Party Advisory
VDB Entry