CVE-2019-1963

EPSS 0.92%
Published 28.08.2019 19:15:10
Last modified 21.11.2024 04:37:46
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of Abstract Syntax Notation One (ASN.1)-encoded variables in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the SNMP daemon on the affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Nx-os Version >= 5.2 < 6.2\(29\)

   Cisco ≫ Mds 9132t Version-
   Cisco ≫ Mds 9148s Version-
   Cisco ≫ Mds 9148t Version-
   Cisco ≫ Mds 9216 Version-
   Cisco ≫ Mds 9216a Version-
   Cisco ≫ Mds 9216i Version-
   Cisco ≫ Mds 9222i Version-
   Cisco ≫ Mds 9250i Version-
   Cisco ≫ Mds 9396s Version-
   Cisco ≫ Mds 9396t Version-
   Cisco ≫ Mds 9506 Version-
   Cisco ≫ Mds 9509 Version-
   Cisco ≫ Mds 9513 Version-
   Cisco ≫ Mds 9706 Version-
   Cisco ≫ Mds 9710 Version-
   Cisco ≫ Mds 9718 Version-

Cisco ≫ Nx-os Version >= 7.3 < 8.4

Cisco ≫ Nx-os Version < 13.2\(7k\)

   Cisco ≫ Nexus 92160yc-x Version-
   Cisco ≫ Nexus 92300yc Version-
   Cisco ≫ Nexus 93108tc-ex Version-
   Cisco ≫ Nexus 93108tc-fx Version-
   Cisco ≫ Nexus 93120tx Version-
   Cisco ≫ Nexus 9316d-gx Version-
   Cisco ≫ Nexus 93180lc-ex Version-
   Cisco ≫ Nexus 93180yc-ex Version-
   Cisco ≫ Nexus 93180yc-fx Version-
   Cisco ≫ Nexus 93216tc-fx2 Version-
   Cisco ≫ Nexus 93240yc-fx2 Version-
   Cisco ≫ Nexus 9332c Version-
   Cisco ≫ Nexus 93360yc-fx2 Version-
   Cisco ≫ Nexus 9336c-fx2 Version-
   Cisco ≫ Nexus 9348gc-fxp Version-
   Cisco ≫ Nexus 93600cd-gx Version-
   Cisco ≫ Nexus 9364c Version-
   Cisco ≫ Nexus 9500 Supervisor A Version-
   Cisco ≫ Nexus 9500 Supervisor A+ Version-
   Cisco ≫ Nexus 9500 Supervisor B Version-
   Cisco ≫ Nexus 9500 Supervisor B+ Version-
   Cisco ≫ Nexus 9504 Version-
   Cisco ≫ Nexus 9508 Version-
   Cisco ≫ Nexus 9516 Version-

Cisco ≫ Nx-os Version >= 14.0 < 14.0\(2c\)

Cisco ≫ Nx-os Version >= 14.1 < 14.1\(1i\)

Cisco ≫ Nx-os Version >= 7.0\(3\)f < 9.2\(3\)

   Cisco ≫ N9k-c9504-fm-r Version-
   Cisco ≫ N9k-c9508-fm-r Version-
   Cisco ≫ N9k-x96136yc-r Version-
   Cisco ≫ N9k-x9636c-r Version-
   Cisco ≫ N9k-x9636c-rx Version-
   Cisco ≫ N9k-x9636q-r Version-
   Cisco ≫ Nexus 36180yc-r Version-
   Cisco ≫ Nexus 3636c-r Version-
   Cisco ≫ X96136yc-r Version-
   Cisco ≫ X9636c-r Version-
   Cisco ≫ X9636c-rx Version-
   Cisco ≫ X9636q-r Version-

Cisco ≫ Nx-os Version < 7.1\(5\)n1\(1b\)

   Cisco ≫ Nexus 5010 Version-
   Cisco ≫ Nexus 5020 Version-
   Cisco ≫ Nexus 5548p Version-
   Cisco ≫ Nexus 5548up Version-
   Cisco ≫ Nexus 5596t Version-
   Cisco ≫ Nexus 5596up Version-
   Cisco ≫ Nexus 56128p Version-
   Cisco ≫ Nexus 5624q Version-
   Cisco ≫ Nexus 5648q Version-
   Cisco ≫ Nexus 5672up Version-
   Cisco ≫ Nexus 5672up-16g Version-
   Cisco ≫ Nexus 5696q Version-
   Cisco ≫ Nexus 6001 Version-
   Cisco ≫ Nexus 6004 Version-

Cisco ≫ Nx-os Version >= 7.3 < 7.3\(5\)n1\(1\)

Cisco ≫ Nx-os Version < 6.2\(22\)

   Cisco ≫ 7000 10-slot Version-
   Cisco ≫ 7000 18-slot Version-
   Cisco ≫ 7000 4-slot Version-
   Cisco ≫ 7000 9-slot Version-
   Cisco ≫ 7700 10-slot Version-
   Cisco ≫ 7700 18-slot Version-
   Cisco ≫ 7700 2-slot Version-
   Cisco ≫ 7700 6-slot Version-
   Cisco ≫ N77-f312ck-26 Version-
   Cisco ≫ N77-f324fq-25 Version-
   Cisco ≫ N77-f348xp-23 Version-
   Cisco ≫ N77-f430cq-36 Version-
   Cisco ≫ N77-m312cq-26l Version-
   Cisco ≫ N77-m324fq-25l Version-
   Cisco ≫ N77-m348xp-23l Version-
   Cisco ≫ N7k-f248xp-25e Version-
   Cisco ≫ N7k-f306ck-25 Version-
   Cisco ≫ N7k-f312fq-25 Version-
   Cisco ≫ N7k-m202cf-22l Version-
   Cisco ≫ N7k-m206fq-23l Version-
   Cisco ≫ N7k-m224xp-23l Version-
   Cisco ≫ N7k-m324fq-25l Version-
   Cisco ≫ N7k-m348xp-25l Version-
   Cisco ≫ Nexus 7000 Supervisor 1 Version-
   Cisco ≫ Nexus 7000 Supervisor 2 Version-
   Cisco ≫ Nexus 7000 Supervisor 2e Version-
   Cisco ≫ Nexus 7700 Supervisor 2e Version-
   Cisco ≫ Nexus 7700 Supervisor 3e Version-

Cisco ≫ Nx-os Version >= 7.2 < 7.2\(0\)d1\(1\)

Cisco ≫ Nx-os Version >= 8.0 < 8.2\(3\)

Cisco ≫ Nx-os Version >= 8.3 < 8.3\(2\)

Cisco ≫ Fx-os Version < 2.2.2.91

   Cisco ≫ Firepower 4110 Version-
   Cisco ≫ Firepower 4120 Version-
   Cisco ≫ Firepower 4140 Version-
   Cisco ≫ Firepower 4150 Version-
   Cisco ≫ Firepower 9300 With 1 Sm-24 Module Version-
   Cisco ≫ Firepower 9300 With 1 Sm-36 Module Version-
   Cisco ≫ Firepower 9300 With 1 Sm-44 Module Version-
   Cisco ≫ Firepower 9300 With 3 Sm-44 Module Version-

Cisco ≫ Fx-os Version >= 2.3 < 2.3.1.130

Cisco ≫ Fx-os Version >= 2.4 < 2.4.1.222

Cisco ≫ Nx-os Version < 13.2\(7k\)

   Cisco ≫ 9432pq Version-
   Cisco ≫ 9536pq Version-
   Cisco ≫ 9636pq Version-
   Cisco ≫ 9736pq Version-
   Cisco ≫ N9k-x9432c-s Version-
   Cisco ≫ N9k-x9464px Version-
   Cisco ≫ N9k-x9464tx2 Version-
   Cisco ≫ N9k-x9564px Version-
   Cisco ≫ N9k-x9564tx Version-
   Cisco ≫ N9k-x9636c-r Version-
   Cisco ≫ N9k-x9636c-rx Version-
   Cisco ≫ N9k-x97160yc-ex Version-
   Cisco ≫ N9k-x9732c-ex Version-
   Cisco ≫ N9k-x9732c-fx Version-
   Cisco ≫ N9k-x9736c-ex Version-
   Cisco ≫ N9k-x9736c-fx Version-
   Cisco ≫ N9k-x9788tc-fx Version-
   Cisco ≫ Nexus 92160yc-x Version-
   Cisco ≫ Nexus 92300yc Version-
   Cisco ≫ Nexus 93108tc-ex Version-
   Cisco ≫ Nexus 93108tc-fx Version-
   Cisco ≫ Nexus 93120tx Version-
   Cisco ≫ Nexus 9316d-gx Version-
   Cisco ≫ Nexus 93180lc-ex Version-
   Cisco ≫ Nexus 93180yc-ex Version-
   Cisco ≫ Nexus 93180yc-fx Version-
   Cisco ≫ Nexus 93216tc-fx2 Version-
   Cisco ≫ Nexus 93240yc-fx2 Version-
   Cisco ≫ Nexus 9332c Version-
   Cisco ≫ Nexus 93360yc-fx2 Version-
   Cisco ≫ Nexus 9336c-fx2 Version-
   Cisco ≫ Nexus 9348gc-fxp Version-
   Cisco ≫ Nexus 93600cd-gx Version-
   Cisco ≫ Nexus 9364c Version-
   Cisco ≫ Nexus 9500 Supervisor A Version-
   Cisco ≫ Nexus 9500 Supervisor A+ Version-
   Cisco ≫ Nexus 9500 Supervisor B Version-
   Cisco ≫ Nexus 9500 Supervisor B+ Version-
   Cisco ≫ Nexus 9504 Version-
   Cisco ≫ Nexus 9508 Version-
   Cisco ≫ Nexus 9516 Version-
   Cisco ≫ X9636q-r Version-

Cisco ≫ Nx-os Version >= 14.0 < 14.0\(2c\)

Cisco ≫ Nx-os Version >= 14.1 <= 14.1\(1i\)

Cisco ≫ Nx-os Version < 5.2\(1\)sv3\(4.1a\)

Cisco ≫ Nexus 1000v Switch Version- SwPlatformvmware_vsphere

Cisco ≫ Nx-os Version < 5.2

Cisco ≫ Nexus 1000v Switch Version- SwPlatformhyper-v

Cisco ≫ Nx-os Version >= 5.2 < 5.2\(1\)sv5\(1.2\)

Cisco ≫ Nexus 1000 Virtual Edge Version- SwPlatformvmware_vsphere

Cisco ≫ Nx-os Version >= 7.0\(3\)i4 < 7.0\(3\)i4\(9\)

   Cisco ≫ N9k-c92160yc-x Version-
   Cisco ≫ N9k-c9236c Version-
   Cisco ≫ N9k-c9272q Version-
   Cisco ≫ N9k-c93180lc-ex Version-
   Cisco ≫ N9k-c93180yc-ex Version-
   Cisco ≫ N9k-c93180yc-fx Version-
   Cisco ≫ N9k-x9732c-ex Version-
   Cisco ≫ N9k-x9736c-fx Version-
   Cisco ≫ Nexus 3048 Version-

Cisco ≫ Nx-os Version >= 7.0\(3\)i7 < 7.0\(3\)i7\(6\)

Cisco ≫ Nx-os Version >= 9.2 < 9.2\(3\)

Cisco ≫ Nx-os Version >= 7.0\(3\)i7 < 7.0\(3\)i7\(6\)

Cisco ≫ Nexus 3524-x/xl Version-
Cisco ≫ Nexus 3548-x/xl Version-

Cisco ≫ Nx-os Version >= 9.2 < 9.2\(3\)

Cisco ≫ Nexus 3524-x/xl Version-
Cisco ≫ Nexus 3548-x/xl Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.92%	0.739

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	6.8	8	6.9	AV:N/AC:L/Au:S/C:N/I:N/A:C
psirt@cisco.com	7.7	3.1	4	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-fxnxos-snmp-dos

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-1963

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-1963

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-1963

EUVD