8.6

CVE-2019-1962

A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause process crashes, which can result in a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of TCP packets when processed by the Cisco Fabric Services over IP (CFSoIP) feature. An attacker could exploit this vulnerability by sending a malicious Cisco Fabric Services TCP packet to an affected device. A successful exploit could allow the attacker to cause process crashes, resulting in a device reload and a DoS condition. Note: There are three distribution methods that can be configured for Cisco Fabric Services. This vulnerability affects only distribution method CFSoIP, which is disabled by default. See the Details section for more information.

Data is provided by the National Vulnerability Database (NVD)
CiscoNx-os Version >= 5.2 < 6.2\(29\)
   CiscoMds 9132t Version-
   CiscoMds 9148s Version-
   CiscoMds 9148t Version-
   CiscoMds 9216 Version-
   CiscoMds 9216a Version-
   CiscoMds 9216i Version-
   CiscoMds 9222i Version-
   CiscoMds 9250i Version-
   CiscoMds 9396s Version-
   CiscoMds 9396t Version-
   CiscoMds 9506 Version-
   CiscoMds 9509 Version-
   CiscoMds 9513 Version-
   CiscoMds 9706 Version-
   CiscoMds 9710 Version-
   CiscoMds 9718 Version-
CiscoNx-os Version >= 7.3 < 8.1
   CiscoMds 9132t Version-
   CiscoMds 9148s Version-
   CiscoMds 9148t Version-
   CiscoMds 9216 Version-
   CiscoMds 9216a Version-
   CiscoMds 9216i Version-
   CiscoMds 9222i Version-
   CiscoMds 9250i Version-
   CiscoMds 9396s Version-
   CiscoMds 9396t Version-
   CiscoMds 9506 Version-
   CiscoMds 9509 Version-
   CiscoMds 9513 Version-
   CiscoMds 9706 Version-
   CiscoMds 9710 Version-
   CiscoMds 9718 Version-
CiscoNx-os Version >= 7.0\(3\)f < 9.2
   CiscoN9k-c9504-fm-r Version-
   CiscoN9k-c9508-fm-r Version-
   CiscoN9k-x96136yc-r Version-
   CiscoN9k-x9636c-r Version-
   CiscoN9k-x9636c-rx Version-
   CiscoN9k-x9636q-r Version-
   CiscoNexus 36180yc-r Version-
   CiscoNexus 3636c-r Version-
   CiscoX96136yc-r Version-
   CiscoX9636c-r Version-
   CiscoX9636c-rx Version-
   CiscoX9636q-r Version-
CiscoNx-os Version < 7.1\(5\)n1\(1b\)
   CiscoNexus 5010 Version-
   CiscoNexus 5020 Version-
   CiscoNexus 5548p Version-
   CiscoNexus 5548up Version-
   CiscoNexus 5596t Version-
   CiscoNexus 5596up Version-
   CiscoNexus 56128p Version-
   CiscoNexus 5624q Version-
   CiscoNexus 5648q Version-
   CiscoNexus 5672up Version-
   CiscoNexus 5672up-16g Version-
   CiscoNexus 5696q Version-
   CiscoNexus 6001 Version-
   CiscoNexus 6004 Version-
CiscoNx-os Version >= 7.3 < 7.3\(5\)n1\(1\)
   CiscoNexus 5010 Version-
   CiscoNexus 5020 Version-
   CiscoNexus 5548p Version-
   CiscoNexus 5548up Version-
   CiscoNexus 5596t Version-
   CiscoNexus 5596up Version-
   CiscoNexus 56128p Version-
   CiscoNexus 5624q Version-
   CiscoNexus 5648q Version-
   CiscoNexus 5672up Version-
   CiscoNexus 5672up-16g Version-
   CiscoNexus 5696q Version-
   CiscoNexus 6001 Version-
   CiscoNexus 6004 Version-
CiscoNx-os Version < 6.2\(22\)
   Cisco7000 10-slot Version-
   Cisco7000 18-slot Version-
   Cisco7000 4-slot Version-
   Cisco7000 9-slot Version-
   Cisco7700 10-slot Version-
   Cisco7700 18-slot Version-
   Cisco7700 2-slot Version-
   Cisco7700 6-slot Version-
   CiscoN77-f312ck-26 Version-
   CiscoN77-f324fq-25 Version-
   CiscoN77-f348xp-23 Version-
   CiscoN77-f430cq-36 Version-
   CiscoN77-m312cq-26l Version-
   CiscoN77-m324fq-25l Version-
   CiscoN77-m348xp-23l Version-
   CiscoN7k-f248xp-25e Version-
   CiscoN7k-f306ck-25 Version-
   CiscoN7k-f312fq-25 Version-
   CiscoN7k-m202cf-22l Version-
   CiscoN7k-m206fq-23l Version-
   CiscoN7k-m224xp-23l Version-
   CiscoN7k-m324fq-25l Version-
   CiscoN7k-m348xp-25l Version-
   CiscoNexus 7000 Supervisor 1 Version-
   CiscoNexus 7000 Supervisor 2 Version-
   CiscoNexus 7000 Supervisor 2e Version-
   CiscoNexus 7700 Supervisor 2e Version-
   CiscoNexus 7700 Supervisor 3e Version-
CiscoNx-os Version >= 7.2 < 7.3\(4\)d1\(1\)
   Cisco7000 10-slot Version-
   Cisco7000 18-slot Version-
   Cisco7000 4-slot Version-
   Cisco7000 9-slot Version-
   Cisco7700 10-slot Version-
   Cisco7700 18-slot Version-
   Cisco7700 2-slot Version-
   Cisco7700 6-slot Version-
   CiscoN77-f312ck-26 Version-
   CiscoN77-f324fq-25 Version-
   CiscoN77-f348xp-23 Version-
   CiscoN77-f430cq-36 Version-
   CiscoN77-m312cq-26l Version-
   CiscoN77-m324fq-25l Version-
   CiscoN77-m348xp-23l Version-
   CiscoN7k-f248xp-25e Version-
   CiscoN7k-f306ck-25 Version-
   CiscoN7k-f312fq-25 Version-
   CiscoN7k-m202cf-22l Version-
   CiscoN7k-m206fq-23l Version-
   CiscoN7k-m224xp-23l Version-
   CiscoN7k-m324fq-25l Version-
   CiscoN7k-m348xp-25l Version-
   CiscoNexus 7000 Supervisor 1 Version-
   CiscoNexus 7000 Supervisor 2 Version-
   CiscoNexus 7000 Supervisor 2e Version-
   CiscoNexus 7700 Supervisor 2e Version-
   CiscoNexus 7700 Supervisor 3e Version-
CiscoNx-os Version < 7.0\(3\)i4\(9\)
   CiscoN9k-c92160yc-x Version-
   CiscoN9k-c9236c Version-
   CiscoN9k-c9272q Version-
   CiscoN9k-c93180lc-ex Version-
   CiscoN9k-c93180yc-ex Version-
   CiscoN9k-c93180yc-fx Version-
   CiscoN9k-x9732c-ex Version-
   CiscoN9k-x9736c-fx Version-
   CiscoNexus 3048 Version-
CiscoNx-os Version >= 7.0\(3\)i7 < 7.0\(3\)i7\(6\)
   CiscoN9k-c92160yc-x Version-
   CiscoN9k-c9236c Version-
   CiscoN9k-c9272q Version-
   CiscoN9k-c93180lc-ex Version-
   CiscoN9k-c93180yc-ex Version-
   CiscoN9k-c93180yc-fx Version-
   CiscoN9k-x9732c-ex Version-
   CiscoN9k-x9736c-fx Version-
   CiscoNexus 3048 Version-
CiscoNx-os Version < 6.0\(2\)a8\(11\)
   CiscoNexus 3524-x/xl Version-
   CiscoNexus 3548-x/xl Version-
CiscoNx-os Version >= 7.0\(3\)i7 < 7.0\(3\)i7\(6\)
   CiscoNexus 3524-x/xl Version-
   CiscoNexus 3548-x/xl Version-
CiscoNx-os Version < 3.2\(3i\)
   CiscoUcs-6296up Version-
   CiscoUcs 6248up Version-
   CiscoUcs 6324 Version-
   CiscoUcs 6332 Version-
   CiscoUcs 6332-16up Version-
CiscoNx-os Version >= 4.0 < 4.0\(2d\)
   CiscoUcs-6296up Version-
   CiscoUcs 6248up Version-
   CiscoUcs 6324 Version-
   CiscoUcs 6332 Version-
   CiscoUcs 6332-16up Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.45% 0.789
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
psirt@cisco.com 8.6 3.9 4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.