8.6
CVE-2019-1814
- EPSS 0.4%
- Published 16.05.2019 00:29:00
- Last modified 21.11.2024 04:37:26
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
A vulnerability in the interactions between the DHCP and TFTP features for Cisco Small Business 300 Series (Sx300) Managed Switches could allow an unauthenticated, remote attacker to cause the device to become low on system memory, which in turn could lead to an unexpected reload of the device and result in a denial of service (DoS) condition on an affected device. The vulnerability is due to a failure to free system memory when an unexpected DHCP request is received. An attacker could exploit this vulnerability by sending a crafted DHCP packet to the targeted device. A successful exploit could allow the attacker to cause an unexpected reload of the device.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Sf302-08pp Firmware Version < 1.4.10.6
Cisco ≫ Sf302-08mpp Firmware Version < 1.4.10.6
Cisco ≫ Sg300-10pp Firmware Version < 1.4.10.6
Cisco ≫ Sg300-10mpp Firmware Version < 1.4.10.6
Cisco ≫ Sf300-24pp Firmware Version < 1.4.10.6
Cisco ≫ Sf300-48pp Firmware Version < 1.4.10.6
Cisco ≫ Sg300-28pp Firmware Version < 1.4.10.6
Cisco ≫ Sf300-08 Firmware Version < 1.4.10.6
Cisco ≫ Sf300-48p Firmware Version < 1.4.10.6
Cisco ≫ Sg300-10mp Firmware Version < 1.4.10.6
Cisco ≫ Sg300-10p Firmware Version < 1.4.10.6
Cisco ≫ Sg300-10 Firmware Version < 1.4.10.6
Cisco ≫ Sg300-28p Firmware Version < 1.4.10.6
Cisco ≫ Sf300-24p Firmware Version < 1.4.10.6
Cisco ≫ Sf302-08mp Firmware Version < 1.4.10.6
Cisco ≫ Sg300-28 Firmware Version < 1.4.10.6
Cisco ≫ Sf300-48 Firmware Version < 1.4.10.6
Cisco ≫ Sg300-20 Firmware Version < 1.4.10.6
Cisco ≫ Sf302-08p Firmware Version < 1.4.10.6
Cisco ≫ Sg300-52 Firmware Version < 1.4.10.6
Cisco ≫ Sf300-24 Firmware Version < 1.4.10.6
Cisco ≫ Sf302-08 Firmware Version < 1.4.10.6
Cisco ≫ Sf300-24mp Firmware Version < 1.4.10.6
Cisco ≫ Sg300-10sfp Firmware Version < 1.4.10.6
Cisco ≫ Sg300-28mp Firmware Version < 1.4.10.6
Cisco ≫ Sg300-52p Firmware Version < 1.4.10.6
Cisco ≫ Sg300-52mp Firmware Version < 1.4.10.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.574 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.6 | 3.9 | 4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| psirt@cisco.com | 6.8 | 2.2 | 4 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.